Firefox 16 crashes and burns

Mozilla’s Firefox has been slowly losing market share since its peak in mid-2009. Prior to the establishment of Google’s Chrome, Firefox was the only real alternative to the much despised Internet Explorer.

Its market share has been radically reduced by the advent of the mobile internet with consumers choosing to rely on default browsers, Apple’s Safari and the ever-present Google Chrome.

Firefox suffered yet another setback yesterday when, in an unprecedented move, Mozilla pulled the latest release.

Pushed live on Tuesday, Firefox 16 — the latest version of the decreasingly popular browser — contained a fundamental security flaw. It was discovered within 24 hours that the latest release potentially allowed a malicious site to detect and record your browsing history, with full access to URLs and their parameters.

According to a blog post published late last night by Michael Coates, Director of Security Assurance for Mozilla “[they] have no indication that this vulnerability is currently being exploited in the wild”.

Download Firefox

Despite this assurance the issue is more than the usual new release teething problems, as browser manufacturers rarely go to the lengths of withdrawing a new release, typically leaving a buggy product live and patching it as required (as was the case with Firefox 9). Currently, users attempting to download Firefox will be presented with version 15.0.1

Mozilla are expecting to release an update some time later today (Thursday 11th) that will correct the issue. At which point Firefox 16 (version 16.0.1) is expected to be made live again. If you’re concerned that you’ve been affected the advice is to re-download Firefox 15.0.1 until the problem is resolved.

It’s not clear what caused this issue, whether it is a by-product of Mozilla’s rapid release program, or whether it’s the result of patches in the browser designed to address other problems.

As I write this, Firefox 16.0.1 is probably already being prepped for launch. The damage to Mozilla’s reputation will take longer to patch up.

Update: as promised by Mozilla the Firefox 16.0.1 update is now available from mozilla.org/en-US/firefox/new

Have you lost faith in Mozilla as a result of this bug, or does the rapid response increase your confidence in Firefox? Let us know in the comments.

Thumbnail includes ring of fire image via Shutterstock.

  • eels2010

    I still use Firefox, but I admit it’s concerning to see a security issue like this. On the other hand. at least they pulled the plug on it before it became a huge nightmare for users.

  • http://edsonjunior.com/ Edson Simão Jr.

    I guess more important than security issues (all browsers have and always will exist a patch for them) is the “weight” issue of Firefox. It needs an urgent and radically weight loss to fight equally against Google Chrome, otherwise it will die like the Netscape.

    • Pierre-Adrien B.

      Have you tried Firefox recently ? It’s been far lighter for a while. Think the “weight” argument works for old versions such as 3 or 4, but new versions significantly improved on that point.

      • Benjie

        My experience with Firefox has greatly improved since they entered the rapid release program. For me it’s a much better experience than it used to be.

      • Dave

        Agree – Now that most of the add-ons have caught up! :)

  • JohnnyNT

    “Prior to the establishment of Google’s Chrome, Firefox was the only real alternative to the much despised Internet Explorer”

    Opera?

    • Walter

      Opera has about half as many users as Safari. Most surveys place it at less than 2.5% of the market. Literally around 5% of Firefox’s share.

      The big three were IE, FF then Chrome, now it’s Chrome, IE, then FF.

      To put it another way, it’s possible Jill Stein will be the next president of the US.

  • Coerv

    I would always trust Firefox and Mozilla before Google. There have always been bugs in any browser, why is this one so special? They said they’ll fix it and that’s fine for me.

    Firefox has always been a reliable browser for me and I don’t care about the version number. Nobody seems to bother about Chromes version policy.

    I don’t feel comfortable with Google invading more and more parts of my life. So I don’t get why nobody is upset about that.

  • bgbs

    Firefox is the slowest browser on my mac.

    • Anand

      That sounds strange.. It works fast in my Mac. If you have more tabs opened in Chrome, it creates more child process(I guess one for each tab) and as the time goes with more no of tabs, it also takes more memory. I don’t know if it is good or bad. Just my thought.. Chrome is memory/CPU intensive than FF.

  • http://www.facebook.com/K1NGF1SHER Phil Clayton

    “The damage to Mozilla’s reputation will take longer to patch up.” – No it won’t. This changes my mind not one little bit about Mozilla. There will be a fix asap and i’ll keep using it. I’m sure others will as well.

    • Walter

      But are you an informed web professional, or are you one of the vast majority who don’t realise that all browsers have technical issues? Because unless you’re the latter you’re not the problem for Mozilla, the largest market share simply isn’t determined by web designers.

      • Pierre-Adrien B.

        On the other hand, I’m not sure “the vast majority” will be aware of this issue and the fact that during one day, Mozilla had to propose the previous FF version instead of the new one.

      • http://about.me/evanjacobs Evan Jacobs

        Exactly. Joe Shmoe probably had no idea that FF16 even was released, so they’ll just get the next version when the updater pushes it. Sensationalist headlines are sensationalist.

      • Benjie

        Technology is a mainstream issue now, and news outlets worldwide have just reported that Firefox has a critical security error. The error was reported before print publications went to the presses and resolved after they were printed.

        It only takes a few people to think twice about using FF because of a headline that they only half-remember for Mozilla to slip a few more percentage points in the usage figures.

    • http://www.wakondamarketing.com/ Jean-Philippe Maltais

      This isn’t a big loss for Mozilla. All of its latest versions aren’t that great anyway

  • Justin

    As a web designer, Chrome is now my browser of choice. I hate Safari’s new updates, especially the new web inspector and console. It’s also heavy on RAM now, for some reason.. and Firefox has been laggy for a couple years now. Opera is OK, but has plenty of bugs I don’t see elsewhere with regular sites I visit. Chrome is lightest on memory, amongst other pluses.

  • Adam

    The only reason why I use Firefox is because of Firebug.

    • Benjie

      I don’t think I could get through a day without Firebug.

  • Anton Lavey

    This is nuts… I couldn’t even download the new realease before they patched it so, I do believe the reputation is untouched. IE goes for months with no fixes and Chrome is in a “wreck the web” train, being the new IE now. If a client doesn’t see it in Chrome then it must be “fixed”.

  • Adam Wilson

    Its an open source company, and look what they have created, a legacy which chrome has also lived off.

    • Benjie

      Firefox is largely funded by Google. FF’s market share is such that Google deems it expedient to pay for its search to be embedded in the browser. Once FF’s market share dips below a point (probably already determined by Google) they’ll pull the funding and that will be the end of FF as we know it unfortunately.

  • AskKeystroke

    Adobe has ended all development of Flash Player on Linux (Firefox is the default on most distributions), allotting Google sole license over the Linux version, under terms that it remain a native part of Chrome, and Chrome only. No flash on Mozilla on Linux operating systems has got to at least contribute to this backslide in market share…

    I have faith in the Mozilla team. For an open-source project, Firefox is as reliable as it probably gets.

    • Benjie

      I don’t think Flash support has much bearing on it. Few people try and argue that the iPhone will lose market share because it doesn’t support Flash.

  • Daniel Johansson

    This is a seriously opinionated article which I do not agree with at all. It has affected my view of webdesignerdepot negatively. There are security vulnerabilities in all browsers and mozilla is handling this one well so far.

    • Benjie

      I agree Daniel, there are security issues with all browsers. In fact, I can’t name a browser that I feel works as well as it should. Firefox is generally no worse than its rivals

      What I don’t agree with is that Mozilla have handled this well. They’ve taken the honest route, but that’s not necessarily the one that makes most sense in business.

      Do you think Apple would have pulled a release of Safari? No, they’d have pushed the update and kept schtum, reputation intact.

  • Simple

    Lost Faith? In Firefox? I believe I can say with my hand on my heart, that this is never going to happen for me. Firefox was a love at first….browsing, and it will remain the same for me. The fact that a vulnerability is discovered and fixed in such a short time, is just another reason to love it even more. And let’s face it, there is no perfect or invincible browser, but somehow, I am still very confident with my Firefox.

  • Hamdi Rizal

    Honestly, I think Firefox is just a developer tool for me than a web browser. :D

  • http://twitter.com/Xiaozhuli Juliette Giannesini

    Still my browser of choice! I’m not a huge fan of Chrome, and I love Mozilla addons.

  • alvingallardo

    Hmm. Read this article last night and I’m sorry but I don’t like how this article was written. Why in the negative? What feelings are you trying to evoke among your readers?

    The way I see it, Firefox/Mozilla did a good job at resolving the issue–all within 24 hours.

    Did this really result in the loss of confidence in Firefox among its users and damaged the reputation of Mozilla and “will take longer to patch up”?

    Or maybe it’s just the assumption of the author that there is a loss of confidence and a damage to reputation?

    Or maybe that’s the very intent?

    Did the author even tried to get in touch with Mozilla’s Director of Security Assurance?

    Because judging by the contents of this article, the author is not well-informed of what has happened and just came out with this damaging article after reading a blog post.

    Please clarify, because there is a possible loss of confidence and damage to reputation but not on Mozilla/Firefox but on WDD.

    –Posted using Firefox 16.0.1

    • Benjie

      No, Mozilla did not do a good job, a *good* job would have been to thoroughly test the release before it was pushed live; what Mozilla did was an adequate job of correcting a mistake that should never have happened.

      The article is 100% accurate on every point. There is a certain amount of speculation, which is made clear by the phraseology, but that is what an editorial is. What is indisputable is that the stalled launch indicates a lack of any serious QA at Mozilla.

      No attempt whatsoever was made to get in touch with Michael Coates, or any other member of the Mozilla team. Given our respective timezones, if they weren’t sound asleep when the article was written then they had more important things to do than field emails. That is afterall why they publish blogs.

      Naturally there’s no way anyone can make more than an educated guess as to whether this event will have an impact on Firefox’s steady decline, certainly not within 48 hours. The effects, if any, will take months or years to anonymously trickle through into browser usage stats.

      That said, I can assure you there is no anti-Firefox conspiracy at WDD. Not while some people are still using IE7 anyway.

      • Fireflux

        The hit piece was bad enough on its own, but this comment just verifies that you do have a serious anti-Firefox bias here. “Lack of any serious QA”? Get real–anyone can miss a bug, and everyone has.

      • Benjie

        That’s true, anyone can miss a bug. And if it were a bug that emerged after several months it would be entirely understandable. It was found in 24 hours, if it’s that easy to identify any kind of rigorous testing would have found it.

        Programmers miss bugs all the time, that’s why work is double-checked (or even triple-checked) by a different pair of eyes. Failure to do so is, by definition, a lack of proper QA procedure.

        Once again: I use Firefox everyday, it’s better than 80% of the browsers on the market, but I’m not so blindly loyal as to deny a problem that Mozilla themselves acknowledge.

      • alvingallardo

        So I guess you were hurt because Mozilla failed you and their “adequate job of correcting a mistake” is not enough because this “should never have happened” in the first place? Maybe it would help if Mozilla apologize?

        You see, the problem with this editorial, as you call it, is that you asked your readers to take a stand yet have given them baseless assertions.

        Without even bothering to get the side of Mozilla at the pretext of differences in timezones (And yet BBC have no problem getting in touch with Mozilla’s spokesperson bbc.co.uk/news/technology-19917466) and that they had more important things to do (security and QA perhaps?).

        …”stalled launch indicates a lack of any serious QA at Mozilla”. That’s it.

        That is what this article is all about. But without a basis and any attempt at verification that such indication is true.

        Would you now recommend to your readers NOT to use Firefox? Would you even give Mozilla a chance for a rebuttal?

        To say that what happened is indicative of a lack of any serious QA is in itself a serious assertion that demands verification. Otherwise it helps no one and damages Mozilla/Firefox in the process.

        —-
        Let me just clarify that my reactions are not so much about depending Mozilla/Firefox from criticisms. But that if a criticism has to be made, I expect that it be thorough and whatever claims and assertions made are substantiated and verified.

        Maybe similar to the approach that you did with the Disqus Bug? webdesignerdepot.com/2012/08/disqus-a-little-less-disqusion-a-little-more-action-please/

      • Benjie

        I’m not ‘hurt’! Why would I be hurt by anything Mozilla or any other company did?

        Of course all companies make mistakes, but making a mistake does not equate to doing a good job, at least not in any office I’ve ever worked in.

        There’s no call or arms here, it’s simply news coverage of an event that occurred on the internet supplemented by some editorial opinion on why the item is news-worthy.

        As for advising readers not using Firefox, I regularly use 3 different browsers because each one does different things better than the other two. I imagine that most readers do the same.

        I certainly wouldn’t suggest readers drop Firefox as a result of this bug, which as the update above points out has been corrected. I would expect readers to wonder how many other bugs Mozilla missed however, which I think is a fair point.

        There’s nothing baseless in the article, everything stated is a matter of public record. Any opinions expressed are by definition opinions — feel free to disagree with them if you like :)

        As for offering Mozilla the chance to respond, they’re welcome to post in these comments, which is exactly what Disqus did (we didn’t approach them for a comment either).

  • Peter North

    Yes indeed they are losing it. With every next update one of the old add-on stop working. Add-on compatibility should be considered before releasing any update.
    Web Design Company – Website Design services | Web Design CC

  • http://twitter.com/_DrInE_ Sandrine Lam

    I was once a fervent user of Firefox until I think version 7, 8 or so… I kept having technical issues daily. Browser kept freezing. I understand that all browsers do have technical issues here and there, hence the need for updates. But when you have multiple tabs open for work or personal web browsing, it starts to become annoying.

    I’m not a tech expert, the problem might not have resulted uniquely from the browser then but when you keep on getting these kind of problems + add on compatibility kept decreasing, like Peter North mentioned – because developpers hadn’t caught up with Firefox’s latest version yet – as a user, it’s not pleasant anymore.
    I started using Chrome partially then switching to it completely. Some might say they are against Google collecting data about their internet habits/ search behaviours and other security concerns etc… but so far it suits my needs. Some day if I find that Chrome is not the “best” browser anymore, I might switch back to Firefox or find another browser that seem to be appropriate to me.

    Firefox, as any other product, will always have its loyal “fans” while it might cause others to hesitate or stop using it entirely. We all have a choice and a preference…

  • Eric at A Lego a Day

    The damage was done to Firefox many versions ago. What they need to do is plug their run away memory leak. It’s awful. FF will regularly use 1+ GB of memory on my machine. Installed Chrome today, and in testing, it uses a fraction of the memory. And it stays constant. FF slowly chews up more and more until I have to stop/start it. This was just the kick in the pants I needed to finally say good riddance.

  • http://www.blackbookoperations.com/ Black Book Operations

    Let the browser wars begin! :D :D :D

  • P. E.

    “Firefox 16 crashes and burns”? Way over-sensationalized.

    • Benjie

      No, just a pun.

      • alvingallardo

        I guess some people had so much pun with the title , they don’t agree with it.

  • http://twitter.com/NaotaChannel NaotaChannel

    That kind of bizarre propaganda is more at home on MSNBC.

  • jescott418

    I am sure most Firefox users were not even aware of the issue. Only geeks who read tech blogs and keep up with every little hiccup knew much about it. I don’t use Firefox because I just don’t like it.