Mozilla releases Firefox 16.0.1 to address four vulnerabilities@ 2012/10/12
Mozilla pulled down Firefox 16 from its website on Wednesday, one day after its release, because of a vulnerability that potentially allowed malicious Web pages to read the URLs of other websites accessed by visiting users. Such behavior should normally be prohibited by the browser's security mechanisms.
The issue was publicly disclosed by security researcher Gareth Heyes on Wednesday. Heyes published proof-of-concept code that, when loaded from an arbitrary Web page, could determine the user name of a user logged into Twitter.
Mozilla determined that the issue found by Heyes only affects Firefox 16.0 and addressed it in Firefox 16.0.1.