Original URL: https://www.theregister.co.uk/2012/10/11/snoop_hole_mozilla_firefox_16/

Sites can slurp browser history right out of Firefox 16

Plug promised today for leaky hole

By Anna Leach

Posted in Security, 11th October 2012 12:27 GMT

A hole in Firefox 16 makes it possible for a malicious site to access a user's browsing history, Mozilla security chief Michael Coates revealed in a blog yesterday.

Coates promised a patch today for the vulnerability in the latest version of the browser.

Mozilla 16 was released on Tuesday but pulled a day later because of the vulnerability which would allow a hacker to suck out URLs from the browser history of a visitor of a malicious page.

There was no indication that the weakness was being exploited in the wild said Coates. Users on Firefox 15 are unaffected.

Mozilla-users who don't want to wait for the patch today can downgrade to Firefox 15.0.1 until the clean version of 16 is ready. ®