Firefox 16 looked promising, and undoubtedly made a lot of Firefox fans very excited. Unfortunately, the release was delayed due to an exploit found that could give malicious sites a look at which sites users had visited and which ones had access to the URL or URL parameters.
It’s unclear how long Firefox 16 will be delayed after only being available to the general public for a single day, though Mozilla has indicated that it is in the process of making a patch and will notify current Firefox 15 users of the available update when it is ready.
This isn’t the first time that Firefox has made headlines for vulnerabilities. Firefox 3.5 and 3.6 experienced zero-day vulnerabilities that required quick updates to plug a hole that allowed for remote code execution, which is a big concern for the browser world and a constant battle for any developer. In 2009, Firefox topped Cenzic’s list of the most vulnerable browsers, citing a number of vulnerabilities over the years.
Does this mean that Firefox is unsafe? Not any more than other browsers. Google is still handing out boatloads of cash to hackers who discover vulnerabilities, and one crafty teenager netted a $60,000 payday this week.
Internet Explorer (IE), Safari, Opera, RockMelt, and others have pretty much all experienced their fair share of exploits. When Apple first launched Safari for Windows, it was considered the most insecure browser on the market. This has changed since then, though any time you introduce new changes to a platform, holes are to be expected. There hasn’t been a browser made yet that doesn’t have a hole or two through which hackers can’t find their way.
A lot of your browser safety still depends on good usage practices. Avoid sites you don’t recognize or trust. Do your due diligence to check links sent through email before clicking them, even if they appear to be absolutely genuine. Avoid any link that appears in a search menu that appears to be too good to be true.
For now, you can still download and enjoy Firefox 15.0.1 and update to the latest version when it becomes available.
Image: Mozilla
For both firefox and chrome I use addons such as Adblock, NoScript, and ScriptNo to avoid most exploits. I haven’t updated in a while, so I’m probably not at risk. I recommend everyone doing that, but if you go to a website you love to visit and wish to support via ads, turn those addons off for those domains.
Depends on who. Vulnerable depends more on what one values than on what actually might or might not be possible due to exploitable things in the software. Privacy passionate folks just had better keep watching, no matter what the software does, what happens in the wild keeps changing. Other than the tracking-related issues, fox is one of the LESS vulnerable browsers, even that version.
16.01 has been released that takes care of any problems
Confirmed. v16.0.1 is released. Well done, Mozilla!