Mozilla has released a security update for its Firefox browser. Version 16.0.2 fixes several critical security vulnerabilities associated with the object location . They allow cross-site scripting attacks (XSS) and possibly the execution of malicious code.
According to Mozilla’s security advisory , the vulnerabilities of the security researchers Mariusz Mlynski, “moz_bug_r_a4” and Antoine Delignat-Lavaud were discovered. The e-mail client Thunderbird is only problems with window.location through RSS feeds, and extensions to reload the web content involved.Therefore, Mozilla has not waived an update.
The Extended Support Release (ESR) of Firefox with one-year support for enterprise and public institution is now, however in version 10.0.10 before. 16.0.2 with Firefox for Android Mozilla has closed the gaps as well.The same goes for the Internet suite SeaMonkey, on the version 2.13.2 has been updated.
Mozilla Firefox 16 was released in early October, withdrew a day later due to a security issue but again. The corrected version 16.0.1 reappeared a day later on 11 October.