RealTime IT News

Mozilla Plans to Renumbers Open Source Firefox Security Updates

firefoxFrom the 'enterprise browser' files:

Ok, I know... the 'E' in Firefox ESR does not stand for 'Enterprise', but it should. The ESR - Extended Support Release is an effort to help organizations stay with a secure version of Firefox for longer period of times than the current fast track six-week release cycle of Firefox.

I rely on Firefox ESR and I recommend it to lots of people because it's a much safer version of Firefox to use with custom apps that sometimes - break - with the fast release cycle of Firefox.

The most recent Firefox mainline release is version 21, while the current Firefox ESR is 17. The next Firefox ESR is currently schedule to coincide with the Firefox 24 mainline release.

While the feature bits of the ESR only change every 7 Firefox mainline releases, the security fixes (and there are always security fixes) are backported for each ESR.

With Firefox 21, the new ESR security update was numbered Firefox ESR 17.0.6. A new bugzilla entry proposes that the numbering system be changed to make it easier to associate versions.

Mozilla developer Alex Keybl wrote:

"We'd like to use the second number in the ESR (and mainline Firefox) version number for planned security releases of a single Gecko version."

In that way the first security update for Firefox ESR 24 would be 24.1 and not 24.0.1. The same 'should' hold true for mainline Firefox releases as well. So if there is is a security update inside of the six week release train (which does happen, sometimes) the Firefox 24 security update would be Firefox 24.x instead of Firefox 24.0.x.

Seems like an obvious idea to me.

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.

Comment and Contribute