Mozilla Fixes 'Critical' Firefox Flaw

Dennis Faas's picture

Yesterday Mozilla's security chief told users to stop using the latest edition of his company's browser. Michael Coates said the first release of Firefox version 16 contained a serious security flaw.

Fortunately, hackers were unable to exploit the flaw and Mozilla has since offered a solution to the problem.

The problem was particularly serious because Firefox users may have unknowingly upgraded to the new edition. Mozilla uses background updates, so security patches and new editions are downloaded and installed without user control or approval.

Most of the time this isn't a problem. In this case, however, the update to version 16 introduced a security flaw that wasn't present in earlier versions of Firefox the popular web browser.

Emergency Compared to Chemical Spill

Mozilla hasn't provided any information about the bug other than insisting it should be considered 'critical.' Internally, the company has reportedly used the term "chemspilling" to describe the problem. (Source:

Although Mozilla has had to issue emergency security updates before, this is the first time the company has told users to stop using one of its products.

That's an embarrassing admission for a browser company that often points to increased security as a major reason to use Firefox instead of its chief rival, Microsoft's Internet Explorer.

Coates said the bug could allow the operators of a malicious website to view a full list of other websites recently visited by a Firefox user. In some cases the data could include usernames, passwords, or sensitive personal details. (Source:

Customers Told to Downgrade

To mitigate the danger, Mozilla removed version 16 from its Firefox download website for about 24 hours.

That left users of Firefox 16 with two choices: allow Firefox's emergency patch to install itself, or downgrade to a special edition of Firefox version 15 that includes all security fixes since its original release.

Anyone who went the downgrade route can now safely reinstall the revised version 16. However, it's vital to make sure it comes directly from the Mozilla site. This is the safest option, though it may irritate users who like Firefox's "set it and forget it" operation.

Customers who obtained Firefox as an app on an Android device were the first to get the repaired version 16, which came through the Google Play store. It appears creating a patch that was compatible with Windows took Mozilla additional time.

Rate this article: 
No votes yet