LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 12, 2012 15:30 UTC (Fri) by lmb (subscriber, #39048)
Parent article: Firefox 16 re-released fixing multiple vulnerabilities (The H)

That is a very quick and commendable turn-around time on Mozilla's part. Congratulations.

(Log in to post comments)

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 12, 2012 20:03 UTC (Fri) by epa (subscriber, #39769) [Link]

Unfortunately those who upgraded to 16.0 were left vulnerable (unless they happened to read a news article and were tech-savvy enough to downgrade manually).

This isn't the most severe vulnerability, but Firefox needs a way to push out emergency downgrades as well as upgrades. Reverting to 15.0.1 immediately would have been the safe course of action.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 13, 2012 12:59 UTC (Sat) by freggy (guest, #37477) [Link]

I'm not convinced downgrading was the best option. Firefox 16 fixed several disclosed security vulnerabilities present in Firefox 15. Downgrading made you vulnerable to these vulnerabilities which were known for a longer time.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 14, 2012 18:45 UTC (Sun) by epa (subscriber, #39769) [Link]

In that case, Mozilla should not have pulled the 16.0 upgrade from the download sites. Either it's safer for most users than 15.x or it isn't.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 14, 2012 23:08 UTC (Sun) by Lennie (subscriber, #49641) [Link]

It's obvious from the actions of Mozilla they thought 15.x was the better temporary choice.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 15, 2012 9:54 UTC (Mon) by epa (subscriber, #39769) [Link]

Right, my point is, since 15.x is the better temporary choice, they needed to push out a downgrade from 16.0 to 15.x.

(This time it didn't matter too much since the vulnerability was not a severe one. But they need to have the mechanism available the next time a new version turns out to have a security hole.)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds