
Firefox 16 re-released fixing multiple vulnerabilities (The H)

Mozilla has now released version 16.0.1 of Firefox, fixing the security hole discovered October 10 in Firefox 16, as well as a few other incidental issues. The H has a brief recap of the situation, including availability of the corresponding update for other Mozilla products.




Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 12, 2012 15:30 UTC (Fri) by lmb (subscriber, #39048) [Link] (5 responses)

That is a very quick and commendable turn-around time on Mozilla's part. Congratulations.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 12, 2012 20:03 UTC (Fri) by epa (subscriber, #39769) [Link] (4 responses)

Unfortunately those who upgraded to 16.0 were left vulnerable (unless they happened to read a news article and were tech-savvy enough to downgrade manually).

This isn't the most severe vulnerability, but Firefox needs a way to push out emergency downgrades as well as upgrades. Reverting to 15.0.1 immediately would have been the safe course of action.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 13, 2012 12:59 UTC (Sat) by freggy (guest, #37477) [Link] (3 responses)

I'm not convinced downgrading was the best option. Firefox 16 fixed several disclosed security vulnerabilities present in Firefox 15. Downgrading made you vulnerable to these vulnerabilities which were known for a longer time.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 14, 2012 18:45 UTC (Sun) by epa (subscriber, #39769) [Link] (2 responses)

In that case, Mozilla should not have pulled the 16.0 upgrade from the download sites. Either it's safer for most users than 15.x or it isn't.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 14, 2012 23:08 UTC (Sun) by Lennie (subscriber, #49641) [Link] (1 responses)

It's obvious from the actions of Mozilla they thought 15.x was the better temporary choice.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 15, 2012 9:54 UTC (Mon) by epa (subscriber, #39769) [Link]

Right, my point is, since 15.x is the better temporary choice, they needed to push out a downgrade from 16.0 to 15.x.

(This time it didn't matter too much since the vulnerability was not a severe one. But they need to have the mechanism available the next time a new version turns out to have a security hole.)

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 15, 2012 10:44 UTC (Mon) by njwhite (guest, #51848) [Link] (3 responses)

I'm sort of surprised Mozilla pulled the 16 release. The vulnerability doesn't seem that great to me; reading the Ars Technica report, it seems like all it can do is examine URL redirection of another window. Not great, and it's good that they fixed it promptly, but pulling the release seems like overkill to me.

From the outside it looks like Mozilla generally sit on minor vulnerabilities and fix them in the next release - I'm not sure why this case should be any different (and I imagine it generated more negative press from clueless people.)

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 15, 2012 20:05 UTC (Mon) by Kaejox (guest, #85586) [Link] (2 responses)

I wouldn't call it a "minor vulnerability", but I'm not sure if pulling 16.0 was really needed.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 16, 2012 15:42 UTC (Tue) by knobunc (guest, #4678) [Link] (1 responses)

There's also a question of bandwidth... why "spend" the bandwidth on a download of 16.0 if 16.1 will be out five days later?

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 18, 2012 15:00 UTC (Thu) by joedrew (guest, #828) [Link]

It was actually released the very next day (same day for Android). :)


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds