Mozilla Firefox upgrade withdrawn: are you safe?
So are you safe?%VIRTUAL-SkimlinksPromo%
The weaknessThe vulnerability is only hypothetical. Testers at Mozilla discovered just after the release of Firefox 16 that there was a weakness in the software that could potentially allow criminals to discover which sites you had visited. As a result, they withdraw it from their downloads site.
Michael Coates, Mozilla's director of security assurance, said in his blog: "The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters." He added: "Firefox 16 has been temporarily removed from the current installer page."
Should you worryThis sounds worrying. However, Graham Cluley, senior technology consultant at Sophos, told AOL that it doesn't seem as alarming as the Explorer scare last month. He says: "The key issue is that there is no evidence of anyone having taken advantage of this vulnerability." Coates confirmed: "At this time we have no indication that this vulnerability is currently being exploited in the wild."
Instead, Cluley says, this is part of the normal turn of events for browsers: they issue the software, they continually monitor and test it, they identify weaknesses, and then they fix them. The only unusual thing as that they discovered the weakness so soon after launch that they decided the best bet was to withdraw it.
What can you do?The advice from Mozilla is that for the very small number of users who have already upgraded to version 16 is to download a new version which fixes the problem. A link to the new browser is available here.
*For all AOL users, there is an updated version to patch the security issue which can be downloaded here: http://browsers.aol.com/customfirefox/aol/download.html?locale=uk