Sites can slurp browser history right out of Firefox 16

Plug promised today for leaky hole

29 Reg comments Got Tips?

A hole in Firefox 16 makes it possible for a malicious site to access a user's browsing history, Mozilla security chief Michael Coates revealed in a blog yesterday.

Coates promised a patch today for the vulnerability in the latest version of the browser.

Mozilla 16 was released on Tuesday but pulled a day later because of the vulnerability which would allow a hacker to suck out URLs from the browser history of a visitor of a malicious page.

There was no indication that the weakness was being exploited in the wild said Coates. Users on Firefox 15 are unaffected.

Mozilla-users who don't want to wait for the patch today can downgrade to Firefox 15.0.1 until the clean version of 16 is ready. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

Not one to be outdone by Microsoft, Apple's cloud fell over too. Unlike Microsoft, it hasn't said what happened

Apple TV, iCloud Mail, iWork for iCloud, App Store and more go TITSUP*

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching

Lack of protections around trace facility gives local users read and write access

Leaked benchmarks from developer kit for Apple's home-baked silicon appear to give Microsoft a run for its money

Before you get too excited 1) They're benchmarks 2) New consumer Arm-based Macs might use something else

Microsoft sides with Epic over Apple developer ban, supports motion for temporary restraining order

'Apple’s discontinuation of Epic’s ability to develop and support Unreal Engine for iOS or macOS will harm game creators and gamers,' says Microsoft

Swift tailored for Windows no longer folklore: Apple's programming language available for Microsoft OS

The Redmond-aligned can try the Cupertino-spawned lingo thanks to a Googler's intervention

Unexpected risks of using Apple ID: 'Sign in with Apple' will be blocked for Epic Games

Updated Games dev pleads with users to set up a password before they get locked out

No-no-no-notarised: Apple gives Microsoft's Visual Studio Code the all-clear for Mac devs

Don't cry for me, Catalina! Don't scream when firing up the open-source editor ♬

You know that Microsoft ZeroLogon bug you've been dragging your feet on? It's getting pwned in the wild now

Scan servers for signs of compromise and patch if you haven't already

Biting the hand that feeds IT © 1998–2020