Slashdot Mirror
Firefox 16 Pulled To Address Security Vulnerability
Shortly after the release of the newest major version of Firefox, an anonymous reader writes with word that "Mozilla has removed Firefox 16 from its installer page due to security vulnerabilities that, if exploited, could allow 'a malicious site to potentially determine which websites users have visited' ... one temporary work-around, until a fix is released, is to downgrade to 15.0.1"
Finally Firefox got legal in my state.
Why the hell did they pull it? Firefox 16.0 fixes 24 bugs, of which 21 are considered important. They're advising people to downgrade to THAT version because of ONE minor privacy issue. Seriously? Why don't they urge people to upgrade to 16.0 and start pushing out 16.0.1 as fast as they can?
Their numbering scheme makes it look like they're not fixing anything, just releasing on a whim. Then this...
The delayed release contains a new Developer Command Line, unprefixes a number of stable features including: CSS3 Animations, Transitions, Transforms, Image Values, IndexedDB and Values and Units. Firefox also unprefixes Battery API and Vibration API, two Web APIs. [Mac users will find that preliminary support for the VoiceOver screen reader]
It also fixes for numerous critical vulnerabilities. Holes associated with a full 14 security advisories were closed in the new Firefox 16, in fact, 11 of them rated “critical.” [memory corruption and memory safety hazards, a buffer overflow bug, and a spoofing and script-injection flaw]
That sounds like enough to more than enough to justify a release. The fact that they have pulled its release for security reasons, seams pretty sensible to be.
It's mad because we never know whether we're getting a patch with a few bug fixes or a completely different UI. I guess I'm mostly annoyed that Mozilla and other software producers feel the need to make-over their UI every six months. It feels like change just for the sake of change.
16.0.1 was already released. Release notes here.