Have you downloaded Firefox 16 yet? The newest version of the browser added quite a few pro-developer features including a really nice developer toolbar. It seems that a rather nasty vulnerability made its way into the update as well.
According to the Mozilla Security Blog, Firefox 16 features a security vulnerability that allows “a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.” Fortunately, Mozilla hasn’t seen the vulnerability being exploited in the wild by ne’er-do-wells.
In response, Mozilla has pulled Firefox 16 from widespread release. The Firefox site now features a link to download Firefox 15.0.1. For now, Mozilla suggests that users downgrade to this version until a fix is released. The browser will be automatically updated with the fixed version of Firefox 16 once it becomes available later today.
The discovery of this vulnerability highlights the need for more beta testers of Firefox releases. You can download the beta here. If you’re feeling really adventurous, you can also try out the Nightly builds of Firefox to help test far-off future versions of the browser.
Firefox 16 for Android was also affected by this vulnerability, but a patched version of the browser is already out.
We’ll update this story to let you know when the updated version of Firefox 16 is available. As stated, some users will be automatically updated. Others will have to download it manually. The vulnerability is unlikely to affect you, but it’s better to be safe than sorry.
UPDATE: Mozilla just dropped us a line saying that Firefox 16.0.1 is now available. You can grab it here. Most Firefox users will have been automatically upgraded to the newest version already.