Dan Goodin reports:
Attack code that exploits a privacy information leak introduced in the latest version of Firefox is available online, making it easy for malicious websites to gather detailed information about users’ browsing history unless they downgrade to the previous Mozilla release.
As previously reported, Mozilla officials took the unusual step of temporarily removing Firefox 16 on Wednesday, just one day after its release. Company officials warned that a security hole introduced in the release “could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.” They went on to say there was no evidence the vulnerability was being exploited by real-world attackers.
Read more on Ars Technica.