The latest version brings more security and bug fixes

Oct 27, 2012 12:10 GMT  ·  By

Mozilla has just fixed a few more security issues found in Firefox for Android and delivered it via update. Android users will be automatically notified on the update and we recommend they install this security update.

This is the second update for the Android version of Firefox launched in the past two weeks. The previous 16.0.1 update fixed a bug that was brought by another update.

The update also added quite a number of stability fixes for bugs that were found to affect Android devices powered by various CyanogenMod builds.

According to Mozilla, a number of issues related to the “Location object” have been fixed in order to enhance overall security. Some of the security issues fixed by developers are detailed below:

- “The true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.” (Security researcher Mariusz Mlynski)

- “The CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content.” (Security researcher moz_bug_r_a4)

Keep in mind that Thunderbird is only affected by “window.Location” problems through RSS feeds and extensions that load Internet content.

For more details on the changes included in this update for Firefox for Android, check out the official announcement here. Hopefully, Mozilla will bring new features in the next update, besides the usual bug fixes.

Firefox 16.0.2 is now available as a free download via Google Play store and it should be fully compatible with all devices running Android 2.2 and up. Check it out here.