Mozilla has removed the latest version of its Firefox Web browser just over a day after it was released, due to a vulnerability that was discovered after it had shipped.
The action was dismissed by many as simply an example of an organization protecting users by fixing a flaw. However, opponents of Mozilla's new release schedule say this most recent event could have been prevented with proper checking.
Michael Coates, the director of security assurance for Mozilla, made the announcement of the decision to pull the latest build of Firefox on the organization’s security blog on Wednesday.
“Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available,” he wrote.
“The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters,” he continued. “At this time we have no indication that this vulnerability is currently being exploited in the wild. We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.”
As of 0400 EST on Thursday, version 16.0 of the popular Web browser was still unavailable, with all channels reporting 15.0.1 as the latest stable build.
Matt A. Tobin, leaving a comment on Mozilla’s security blog, criticized the organization's rapid release initiative, saying that he was disappointed. His remarks mirror those of many pundits who were against the move to push releases to the public at a quicker pace.
“With features and code being backed out you are left with mixing of new and old code which presents unpredictable results in the so called ‘Final’ product which has affected stability and reliability in the browser since Firefox 5 began the trend,” Tobin wrote. “Obviously this was a marketing decision made with no regard for code stability or testing. It is and has harmed firefox (sic) so much more than the apparent slowness of the previous release cycle ever did.”
Tobin closed his remarks by giving a nod to a recent fork of Firefox dubbed Pale Moon. Mozilla did not respond to his remarks.
