Mozilla 'temporarily' pulls Firefox 16 to address security flaw

Out in the wild just a day, the new browser version is expected to get an update tomorrow to fix an apparently serious vulnerability.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil

Just a day after its debut, Firefox 16 has been "temporarily removed" from Mozilla's installer page while it addresses what is apparently a serious security flaw in the browser's latest version.

"The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters," Michael Coates. Mozilla's director of Security Assurance, said on the company's security blog. "At this time we have no indication that this vulnerability is currently being exploited in the wild."

Mozilla is currently working on a fix it expects to ship to users tomorrow, Coates said. But in the meantime, Mozilla is recommending that users downgrade to version 15.0.1, which he said was unaffected by the flaw.

"Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability," Coates wrote.

The new version of the Web browser landed yesterday with support for HTML5, indicating that Mozilla has decided it has matured enough to run in the browser without causing instability. The new version includes CSS3 Animations, Transforms, Transitions, Image Values, Values and Units, and IndexedDB.