16.0.2 Firefox is now available for anyone who wants to try before anyone else. Mozilla address one serious vulnerability. According to the information security of Mozilla, they has fixed a number of issues related to the Location object in order to enhance overall security. The Location object is supported by all major browsers and contains information about the URL being requested.
Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.
Another issue centers on the CheckURL function, which if exploited could be used during an XSS attack or to execute malicious code.
On Oct. 9, Mozilla released Firefox 16, but quickly pulled it back after a serious vulnerability was discovered. It was quickly addressed, but not before exploit code was made available.
Generally Firefox offers 16 power optimizations, minor visual changes and enhanced HTML5 support. As of now, version 16.0.2 is being reported as stable. Downloads are available online.
