Sites can slurp browser history right out of Firefox 16
Plug promised today for leaky hole
A hole in Firefox 16 makes it possible for a malicious site to access a user's browsing history, Mozilla security chief Michael Coates revealed in a blog yesterday.
Coates promised a patch today for the vulnerability in the latest version of the browser.
Mozilla 16 was released on Tuesday but pulled a day later because of the vulnerability which would allow a hacker to suck out URLs from the browser history of a visitor of a malicious page.
There was no indication that the weakness was being exploited in the wild said Coates. Users on Firefox 15 are unaffected.
Mozilla-users who don't want to wait for the patch today can downgrade to Firefox 15.0.1 until the clean version of 16 is ready. ®