Mozilla rush-releases Firefox security patch


Mozilla has rushed out a new version of its Firefox web browser following the discovery of a security hole that could have let hackers keep tabs on the websites users' visited.

The flaw was uncovered in the 16.0 release of the open source vendor's Firefox software earlier this week, resulting in the product being withdrawn from the company's installer page.

In a blog post, confirming the vulnerability, Michael Coates, Mozilla's director of security assurance, advised users to downgrade to the 15.01 version of Firefox until a patch was created.

"The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL," wrote Coates.

"At this time, we have no indication that this vulnerability is currently being exploited in the wild."

The company released a Firefox software update for Windows, Mac, Linux and Android users yesterday.

Paul Ducklin, head of technology for Asia Pacific at anti-virus vendor Sophos, said in a further blog post that end users should not be put off from downloading the latest software.

"This latest issue reminds us that it's occasionally problematic to be too far ahead of the curve, [but] it's always risky to be behind," he added.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.