Slashdot Mirror


Firefox 16 Pulled To Address Security Vulnerability

Shortly after the release of the newest major version of Firefox, an anonymous reader writes with word that "Mozilla has removed Firefox 16 from its installer page due to security vulnerabilities that, if exploited, could allow 'a malicious site to potentially determine which websites users have visited' ... one temporary work-around, until a fix is released, is to downgrade to 15.0.1"

27 of 165 comments

  1. Firefox *16*!? by Rosco P. Coltrane · · Score: 2, Funny

    Wow, I'm still using FF 3.6.12. I must have fallen into a time warp bubble... What year is this?

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Firefox *16*!? by Anonymous Coward · · Score: 5, Funny

      Finally Firefox got legal in my state.

    2. Re:Firefox *16*!? by Anonymous Coward · · Score: 2, Interesting

      Please, enough with those old jokes. Firefox is buggy and slow enough to create new ones.

    3. Re:Firefox *16*!? by buck-yar · · Score: 2, Insightful

      Their numbering scheme makes it look like they're not fixing anything, just releasing on a whim. Then this...

    4. Re:Firefox *16*!? by dna_(c)(tm)(r) · · Score: 4, Funny

      Wow, I'm still using FF 3.6.12. I must have fallen into a time warp bubble... What year is this?

      Don't worry, Mozilla switched from miles to meters. It's only three weeks ago. Expect FF 238 around Christmas.

    5. Re:Firefox *16*!? by mcgrew · · Score: 3, Interesting

      So, either you've been offline for longer than usual, or are trolling mozilla.

      If he were trolling Mozilla he would have said "here's the patch!" and linked the IE download page. Um, did the IE vuln get fixed yet? Opera is looking better and better!

    6. Re:Firefox *16*!? by BenJury · · Score: 4, Insightful

      Why is it 'mad'? I don't understand why people have such issues with this. It's just a damn number. If it really irks you so much just add a decimal point to the start of it in your head and move on.

      --
      Blatant Advert: Android Apps!
    7. Re:Firefox *16*!? by tuppe666 · · Score: 4, Insightful

      It's simply replicating Chrome's numbering scheme. The idea that a higher version number is a better product is still ingrained in people's heads for some reason.

      As part of the process. Large features get to be rolled out when they are ready, rather than waiting for a release every one to two years, or even delaying those releases if they are not.

    8. Re:Firefox *16*!? by tuppe666 · · Score: 5, Informative

      Their numbering scheme makes it look like they're not fixing anything, just releasing on a whim. Then this...

      The delayed release contains a new Developer Command Line, unprefixes a number of stable features including: CSS3 Animations, Transitions, Transforms, Image Values, IndexedDB and Values and Units. Firefox also unprefixes Battery API and Vibration API, two Web APIs. [Mac users will find that preliminary support for the VoiceOver screen reader]

      It also has fixes for numerous critical vulnerabilities. Holes associated with a full 14 security advisories were closed in the new Firefox 16, in fact, 11 of them rated “critical.” [memory corruption and memory safety hazards, a buffer overflow bug, and a spoofing and script-injection flaw]

      That sounds like more than enough to justify a release. The fact that they have pulled its release for security reasons seems pretty sensible to me.

    9. Re:Firefox *16*!? by BenJury · · Score: 2

      Um, I suppose if I squint it kinda looks like 'Ib, so I guess so....

      --
      Blatant Advert: Android Apps!
    10. Re:Firefox *16*!? by dietdew7 · · Score: 5, Insightful

      It's mad because we never know whether we're getting a patch with a few bug fixes or a completely different UI. I guess I'm mostly annoyed that Mozilla and other software producers feel the need to make-over their UI every six months. It feels like change just for the sake of change.

    11. Re:Firefox *16*!? by runeghost · · Score: 3, Insightful

      Fortunately, Firefox is well on its way to helping destroy that idea.

    12. Re:Firefox *16*!? by L4t3r4lu5 · · Score: 4, Funny

      If he were trolling Mozilla he would have said "here's the patch!" and linked the IE download page. Um, did the IE vuln get fixed yet? Opera is looking better and better!

      You can prise Mosaic from my cold, dead, Compaq Presario PC with 200MB hard drive and Pentium MMX CPU!

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    13. Re:Firefox *16*!? by Anonymous Coward · · Score: 3, Funny

      The newest version of Firefox glows an eerie blue due to the Cherenkov Radiation emitted as the electrons making up its version number accelerate faster than the speed of light can travel in the OS medium it's suspended in.

    14. Re:Firefox *16*!? by mattOzan · · Score: 2

      Firefox Extended Service Release (ESR) is available for those who require consistency in the UI for a longer term.

      http://www.mozilla.org/en-US/firefox/organizations/

      Major version releases are only every 12 months. There is a minor patch release every six weeks which coincides with "normal" Firefox version updates. All security patches are deployed to both release channels, but feature enhancements are not deployed to the ESR channel between major version releases.

    15. Re:Firefox *16*!? by jfengel · · Score: 3, Insightful

      And they seem to have celebrated by screwing it.

  2. Not so smart by SirDice · · Score: 5, Interesting

    Why the hell did they pull it? Firefox 16.0 fixes 24 bugs, of which 21 are considered important. They're advising people to downgrade to THAT version because of ONE minor privacy issue. Seriously? Why don't they urge people to upgrade to 16.0 and start pushing out 16.0.1 as fast as they can?

    1. Re:Not so smart by Anonymous Coward · · Score: 3, Informative

      As I understand it, sites can access stored URLs and URL parameters. An obvious example of a URL you wouldn't want exposed would be ftp://username:password@someserver.foo.

    2. Re:Not so smart by javary · · Score: 3, Informative
  3. Oh well by scdeimos · · Score: 3, Insightful

    I guess the decades-old saying still holds true, "never install a point-O release."

  4. Sad but expected by Arker · · Score: 3, Insightful

    Considering all the stuff "16" was supposed to have fixed, recommending a rollback over this sounds completely incompetent. And therefore expected.

    Remember, these are the same geniuses that decided to start rolling the version number every time someone fixes a typo a few months ago, and thus calling the current version (what is it really, 5.3 or so?) 16. And it isn't truly new either, take a look at this old bug for example: https://bugzilla.mozilla.org/show_bug.cgi?id=78414

    Been sitting there well over 10 years now. Not one serious attempt to fix it. How many new features that no one wanted and random gui changes to confuse users have they managed to implement in that time period?

    So yeah, no surprise here. Please, someone, make a browser that doesn't suck.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  5. Gee I wonder how this will go by teslatug · · Score: 2

    Let's see, they make it super easy to upgrade, but much harder (in comparison) to downgrade. Can you guess what the majority of users will do?

    Of course the fast upgrade cycle has a downside, it's only a matter of time before Mozilla would let its users down with this newfangled upgrade methodology they've subscribed to.

    If you're going to have a quick and seamless way to upgrade, you better have a quick and seamless way of downgrading too!

  6. Re:Then why use numbers by VFA · · Score: 2

    I think Firefox should only use irrational numbers for their version numbers. That would be logical :)

  7. Re:It's more than just decimal points by BenJury · · Score: 3, Insightful

    That argument completely falls apart, however, when you consider the system admin or the advanced user who ends up asking himself whether he should upgrade a non-conforming piece of software on a computer or not.

    If you're making this decision based on the version number alone, you're doing it wrong.

    --
    Blatant Advert: Android Apps!
  8. Wasn't on the beta channel first by Animats · · Score: 2

    I was subscribed to the Firefox beta channel, since I develop add-ons for Firefox. When Firefox 16 came out on the release channel, the beta channel was still delivering Firefox 15.0. Apparently somebody skipped the beta test.

  9. Already fixed by Emetophobe · · Score: 5, Informative

    16.0.1 was already released. Release notes here.