Mozilla Firefox upgrade withdrawn amid concerns over security vulnerability

Mozilla yesterday took the rare step of pulling the new release just a day after its distribution.

The company said they had identified a critical vulnerability with the browser.

Today the company detailed the security fixes in an updated version of its open source browser, including fixing 14 security holes, 11 of which it rates as critical.

These include a variety of corruption and memory handling issues.

Mozilla pulled the previous release amid concerns the security holes could be exploited by attackers to run damaging code on the victim's system.

The company, which is a not-for-profit organisation, said only a limited number of users will have been affected.

In a post to the company's security blog yesterday Michael Coates, Mozilla's director of security assurance, wrote : “The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.  At this time we have no indication that this vulnerability is currently being exploited in the wild.”

The blog also said that users who had automatically updated to Firefox 16 should as a precaution: “Downgrade to version 15.0.1. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.”

Firefox is one of the big three leading web browsers - and is thought to have more than 450 million users worldwide and around 29 per cent of the worldwide share.

Google Chrome is recently thought to have taken the lead in the race to become the most used browser worldwide over rival Microsoft's Internet Explorer.