The original announcement from Mozilla never specified that the Android version was affected by the aforementioned vulnerability, described by the company as a flaw that could allow a malicious site to potentially determine which websites users have visited by accessing URL parameters. Then again, the organization didn’t list any of the affected operating systems, and it has now become clear that all of them have vulnerable Firefox 16 flavors: Windows, Mac, Linux, and Android.
Since this release exists only to deliver the security update, the official Firefox 16.0.1 for Android changelog is a short one: the vulnerability in question and “CM10 stability issues.” At the time of writing, only the Android version has been patched. Desktop users are still being advised to download Firefox 15.0.1 from mozilla.org/firefox.
Let’s recap the timeline of events. Firefox 16 was released on Monday and officially launched on Tuesday. On Wednesday (today), Mozilla revealed the latest version of its browser has a security hole, and confirmed Firefox 15 is safe to use.
Mozilla also said it has not seen any indication of the flaw being exploited in the wild but nevertheless pulled the Firefox 16 installer for Windows, Mac, and Linux. It then announced plans to release a patch at an undisclosed time on Thursday. The company also promised users would be automatically upgraded when the latest version is made available.
Given that the Android version was not pulled, I and many others simply assumed it was not affected. This turned out to be false, as the patch that just went live proves. Regardless, now we can return to waiting for the Windows, Mac, and Linux platforms to get Firefox 16.0.1 as well.
Image credit: Lorenzo González