Mozilla halts Firefox security updates
Stops serving updates to newest versions while it looks into startup crash bug
Computerworld - Mozilla has stopped providing security updates to Firefox users as it investigates a bug that caused computers to crash last week.
Computerworld blogger Michael Horowitz first reported on the problem last Sunday after he tried to update older editions of Firefox on several different machines.
When Horowitz asked Firefox 3.5.11, 3.6.3 and 3.6.8 if there was an update, the browsers told him no newer editions were available. Firefox's up-to-date versions are 3.5.12 and 3.6.9, which Mozilla released a week ago when it patched 15 vulnerabilities, 11 of them labeled "critical."
Computerworld staffers reproduced the issue when they tried to update a copy of Firefox 3.6.6 on Windows Vista and Firefox 3.6.8 on a Mac.
Normally, older versions of Firefox will automatically receive an update with 24-48 hours after it's released, or when the user manually selects the "Check for Updates" from the Help menu.
Monday, Mozilla said it has stopped offering Firefox 3.5.12 and 3.6.9 because of a bug that crashed some users' machines after they'd updated, then restarted the browser.
"We've limited updates to Firefox 3.6.9 and Firefox 3.5.12 at this time as we evaluate some early feedback which indicates that a subset of our user base may be finding the releases unstable," said Michael Shaver, Mozilla's head of engineering, in an e-mail reply to questions yesterday.
According to an entry in Bugzilla, Mozilla's bug and code change database, the company began receiving a large number of crash reports after releasing Firefox 3.5.12 and 3.6.9 last week. The reports have come from machines on all three platforms -- Windows, Mac and Linux -- that Firefox supports, with the majority of them occurring during browser startup.
Mozilla did not say when it would switch updates back on.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts