Mozilla has released version 16.0.1 of its Firefox browser. The update fixes a critical security issue that had led the company to withdraw version 16 just one day after its release.
The flaw was identified on Wednesday by security researcher Gareth Heyes, who also provided proof-of-concept code for it. “The vulnerability allows a malicious website to potentially identify the sites visited by a user or to access the URL or the URL parameters,” said Michael Coates, Director of Security Assurance at Mozilla, in a blog entry. There have been no signs, however, that the flaw is being exploited. Mozilla recommended that users who had already installed Firefox 16 temporarily downgrade to the non-vulnerable version 15.0.1.
The fixed version 16.0.1 of the desktop browser has been available since yesterday afternoon and is installed automatically. Mozilla had already updated the Android version the night before.
In a security advisory, the company gives more details on the critical flaw. According to the advisory, security measures were disabled without a security check being performed in defaultValue(). “This allows unauthorized access to the location object. In version 15 and earlier, there was a risk of malicious code execution.”