Mozilla Firefox 5 has been released earlier this week, only three months after rolling out Firefox 4 and a month after it released version 5 in beta.
Version 5 has “more than 1,000 enhancements,” which include the “Do Not Track” privacy feature and support for the CSS Animations standard, among other things.
In its rush to make the Web better, however, Mozilla is taking criticism for not making it especially clear to users that it would stop issuing vulnerability patches for Firefox 4.
That has given rise to concerns that users who delay updating for various reasons may not realize they’ll lack protection against the latest malware.
“Firefox 5 is the security update for Firefox 4, and we do not plan to release a Firefox 4.0.2,” Johnathan Nightingale, the Mozilla Foundation’s director of Firefox engineering, told TechNewsWorld.
Should Mozilla have more forcefully notified Firefox 4 users that they have to upgrade to version 5? Should it include automatic updates instead of just sending users a pop-up window reminding them to update their browsers?
The Paradox of Speed and Security
The release cycle for new versions of browsers has been drastically shortened as the players seek to trump each other’s products with newer and better ones.
That bumped-up product cycle has both advantages and disadvantages.
“Security is typically the first area to be sacrificed when developers are under increased pressure to get out new software releases,” Stach & Liu’s Brown pointed out.
“The industry will need to be vigilant in scrutinizing the security of new browser releases,” Brown warned.
On the other hand, hackers are ramping up their assaults and coming up with inventive new attacks, so browsers whose vendors lag in issuing an update pose a security risk.
“Hopefully, this rapid release approach will also result in the faster patching of security vulnerabilities,” Brown remarked.
That’s exactly what Mozilla thinks.
“By releasing small, focused updates more often, we are able to deliver improved security and stability even as we introduce new features, which is better for our users, and for the Web,” Mozilla’s Nightingale said.
“If a serious security issue is found between regularly scheduled Firefox updates, we will release an interim update quickly, as we always have,” Nightingale stated.
Complete story here