Mozilla re-releases Firefox 16 after patching critical bugs
Back in business after yanking its browser from distribution on Wednesday
Computerworld - Mozilla re-released Firefox 16 today after pulling the browser from distribution Wednesday when one of its developers found a critical bug that could be used by attackers to hijack machines.
At around 2:30 p.m. ET, Mozilla turned on its upgrade servers and started pushing Firefox 16.0.1 to users who had earlier downloaded the flawed browser, or who were still running version 15 and earlier. About 30 minutes later, the open-source developer restored the patched program to its primary and secondary download pages.
Yesterday, Mozilla yanked Firefox 16 from its download websites and stopped serving it to existing users as an upgrade. The withdrawal was prompted by the discovery of a vulnerability, which the company then said "could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters."
On Wednesday, Mozilla promised to ship an emergency update today. It calls such updates "chemspills" in a nod to security toxicity.
Mozilla has now provided more information about the bug, which it rated as critical.
"Mozilla security researcher 'moz_bug_r_a4' reported a regression where security wrappers are unwrapped without doing a security check in defaultValue()," an accompanying advisory noted. "This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution."
The patch also addressed the issue reported by U.K.-based researcher Gareth Heyes early Wednesday that allowed access to user information, including Twitter usernames, through Firefox 16.
Firefox 16.0.1 fixed four flaws altogether, including two bugs that had caused a large number of crashes on users' systems.
Although Mozilla has had to quickly re-release Firefox before -- in December 2011 it pulled Firefox 9 a day after that edition's release -- this was the first time the firm pulled Firefox from distribution because of a vulnerability.
According to Web metrics company Net Applications, Firefox accounted for 20% of all browsers used worldwide last month, enough to keep Mozilla in second place -- behind only Microsoft and its Internet Explorer -- in the race for browser share.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.