Mozilla re-releases Firefox 16 after patching critical bugs
Back in business after yanking its browser from distribution on Wednesday
Computerworld - Mozilla re-released Firefox 16 today after pulling the browser from distribution Wednesday when one of its developers found a critical bug that could be used by attackers to hijack machines.
At around 2:30 p.m. ET, Mozilla turned on its upgrade servers and started pushing Firefox 16.0.1 to users who had earlier downloaded the flawed browser, or who were still running version 15 and earlier. About 30 minutes later, the open-source developer restored the patched program to its primary and secondary download pages.
Yesterday, Mozilla yanked Firefox 16 from its download websites and stopped serving it to existing users as an upgrade. The withdrawal was prompted by the discovery of a vulnerability, which the company then said "could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters."
On Wednesday, Mozilla promised to ship an emergency update today. It calls such updates "chemspills" in a nod to security toxicity.
Mozilla has now provided more information about the bug, which it rated as critical.
"Mozilla security researcher 'moz_bug_r_a4' reported a regression where security wrappers are unwrapped without doing a security check in defaultValue()," an accompanying advisory noted. "This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution."
The patch also addressed the issue reported by U.K.-based researcher Gareth Heyes early Wednesday that allowed access to user information, including Twitter usernames, through Firefox 16.
Firefox 16.0.1 fixed four flaws altogether, including two bugs that had caused a large number of crashes on users' systems.
Although Mozilla has had to quickly re-release Firefox before -- in December 2011 it pulled Firefox 9 a day after that edition's release -- this was the first time the firm pulled Firefox from distribution because of a vulnerability.
According to Web metrics company Net Applications, Firefox accounted for 20% of all browsers used worldwide last month, enough to keep Mozilla in second place -- behind only Microsoft and its Internet Explorer -- in the race for browser share.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.