Mozilla Issues Critical Update for Firefox 10
From the 'Rapid Bug Fix' files:
The open source Mozilla Firefox 10 web browser is the first of a new era for Firefox. Firefox 10 is an ESR (Extended Support Release), with at least 42 weeks of support. In contrast, under Mozilla's new rapid release cycle, new non-ESR releases are out every six weeks.
Barely two weeks after releasing it, Mozilla is already updating Firefox 10. Firefox 10.0.1 was released late Friday with no advance notice from Mozilla. That's not exactly a good way to handle the first update for an enterprise release IMHO.
The 10.0.1 update, however, isn't just a quick fix for a minor bug. The fix is for a critical flaw that Mozilla obviously felt needed to be patched ASAP.
The fixed flaw is a Use-After-Free issue (which seems all too common these days to me). This particular Use-After-Free is in the ReadPrototypeBindings function.
Yes, it's great that Mozilla patched this fast. NO, it's not good that this was missed in the initial Firefox 10.0 build, and it's not good that there wasn't (to the best of my knowledge) proper advance notification for the update. Enterprise users are a conservative bunch and it's important to provide a warning that an update is coming. The whole point of the ESR was to avoid the hassles of the rapid release update, but I suspect that this rapid release bug fix issue will still be a hassle of sorts for plenty of big enterprises that still aren't equipped to do non-scheduled updates.
To be fair, this is the first bug update for the ESR and perhaps I'm just expecting too much from Mozilla. After all, the bottom line in a fix like this is about user security, which is always better when it's delivered faster, right?