A hole in Firefox 16 makes it possible for a malicious site to access a user's browsing history, Mozilla security chief Michael Coates revealed in a blog yesterday...
Coates promised a patch today for the vulnerability in the latest version of the browser.
Mozilla 16 was released on Tuesday but pulled a day later because of the vulnerability which would allow a hacker to suck out URLs from the browser history of a visitor of a malicious page.
There was no indication that the weakness was being exploited in the wild said Coates. Users on Firefox 15 are unaffected.
Mozilla-users who don't want to wait for the patch today can downgrade to Firefox 15.0.1 until the clean version of 16 is ready.
As Per Mozilla Security Expert..
Issue:
Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.
Impact:
The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.
Status:
Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available. As a precaution, users can downgrade to version 15.0.1 by following these instructions [http://www.mozilla.org/firefox/new/]. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.
Michael Coates
Director of Security Assurance
Source : https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
Source : https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
No comments:
Post a Comment