A hole in Firefox 16 makes it possible for a malicious site to access a user's browsing history, Mozilla security chief Michael Coates revealed in a blog yesterday.

Coates promised a patch today for the vulnerability in the latest version of the browser.

Mozilla 16 was released on Tuesday but pulled a day later because of the vulnerability which would allow a hacker to suck out URLs from the browser history of a visitor of a malicious page.

There was no indication that the weakness was being exploited in the wild said Coates. Users on Firefox 15 are unaffected.

Mozilla-users who don't want to wait for the patch today can downgrade to Firefox 15.0.1 until the clean version of 16 is ready. ®

Related stories

• Firefox and Opera squish big buffer overflow bugs (22 November 2012)
• One in four don't clean their stinky old browsers - especially Firefoxers (12 November 2012)
• Steam spawns vulnerabilities, say researchers (17 October 2012)
• Mozilla floats fondleslab-ready Firefox for Win 8 (5 October 2012)
• Top admen beg Microsoft to switch off 'Do Not Track' in IE 10 (3 October 2012)
• Open ... and Shut Firefox's birthday present to us: Teaching tech titans about DIY upstarts (28 September 2012)
• The perfect CRIME? New HTTPS web hijack attack explained (14 September 2012)
• Mozilla dumps iOS, pulls Firefox Home from iTunes Store (4 September 2012)