Yesterday Mozilla took the drastic step of removing its day-old Firefox 16 release due to critical software vulnerabilities introduced in the update that were not present in the previous version, Firefox 15.0.1. On the company's blog, Michael Coates, Mozilla's Director of Security Assurance issued this statement, “Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plant to ship updates tomorrow.”
Until the updates ship, the company recommends users downgrade to version 15.0.1 and provided a link to the download on their page. In his blog post, Coates did not indicate how Mozilla became aware of the bug dubbed #799952 in Mozilla's Bugzilla database, but revealed, “the vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.
Version 16 patched 24 security holes in version 15, 21 of which were dubbed critical vulnerabilities. Despite the chemspill, the company hopes to be back on track sometime today serving updates and downloads of the new Firefox 16.0.1.