
If you haven’t yet updated from 15.0.1, you’re fine. Until tomorrow, when version 16 should be released and you can upgrade the downgrade of your upgrade: That does offer you 15.0.1, to which you’re recommended to downgrade. To go back to 15.0.1, you have to go to the new download page. Whether I manually check for updates or go to the default download page, there’s nothing to suggest that I ought to downgrade from 16.0: And if you’ve already upgraded to 16.0, you’d be forgiven for not realising that there’s a security problem at all. If, like me, you always go to the all versions page, which is handy if you run more than one operating system, or want to choose a specific language version, you’ll have been offered 16.0 and no other. At this time we have no indication that this vulnerability is currently being exploited in the wild. The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. Turns out that there’s a good reason, which couldn’t have been less obvious: 16.0 has been “temporarily removed from the installer page” due to a security hole, documented on Mozilla’s security blog (but not on the regular blog, which seems rather an oversight): A fresh install is hardly any more trouble than an update, so why not be ahead of the curve? So I downloaded 16.0 and installed it over my 15.0.1.

That left me wondering how come I’d heard about 16.0, so I went to the Systems and Languages Firefox download page, also known as the all versions page. So I checked by hand – something I like doing every couple of days, even though it’s not supposed to be necessary – using the About Firefox option. According to Firefox, I was up to date at 15.0.1. I use the Check for updates but let me choose whether to install them option, but Firefox hadn’t said anything to me about 16. Firefox shipped version 16 earlier this week.
