

Firefox upgrade taken offline due to vulnerability - petenixey
http://www.bbc.co.uk/news/technology-19909106

======
drcube
"The vulnerability could allow a malicious site to potentially determine which
websites users have visited and have access to the URL or URL parameters"

"Firefox 16 itself fixed 14 vulnerabilities in version 15, including 11 that
could allow attackers to install software without any user interaction beyond
normal browsing."

Sounds like 16 is still less dangerous than the older version. Why are they
telling people to downgrade?

[http://arstechnica.com/security/2012/10/mozilla-pulls-day-ol...](http://arstechnica.com/security/2012/10/mozilla-pulls-day-old-firefox-16-from-download-site-over-security-risk/)

[http://www.mozilla.org/security/known-vulnerabilities/firefo...](http://www.mozilla.org/security/known-vulnerabilities/firefox.html)

~~~
khuey
Because those 14 vulnerabilities are (presumably) not public, while the 1
vulnerability in 16 is.

------
v21
Poor Firefox. They do the right thing, and end up with a #1 Most Read on BBC
News telling people that "Security fear sees Firefox pulled"

------
sergiotapia
Oh fuck, I need to follow instructions to downgrade? FFS. Nah, I don't care
enough to downgrade.

------
epo
20:24 UK time, Firefox updated to 16.0.1

------
mikeratcliffe
Users had to manually upgrade to be using version 16 anyhow ... it was not yet
set up for automatic updates.

A huge amount of news over nothing.

------
pyrotechnick
Welcome to the Age of Aquarius.

