Mozilla halts Firefox security updates
Stops serving updates to newest versions while it looks into startup crash bug
Computerworld - Mozilla has stopped providing security updates to Firefox users as it investigates a bug that caused computers to crash last week.
Computerworld blogger Michael Horowitz first reported on the problem last Sunday after he tried to update older editions of Firefox on several different machines.
When Horowitz asked Firefox 3.5.11, 3.6.3 and 3.6.8 if there was an update, the browsers told him no newer editions were available. Firefox's up-to-date versions are 3.5.12 and 3.6.9, which Mozilla released a week ago when it patched 15 vulnerabilities, 11 of them labeled "critical."
Computerworld staffers reproduced the issue when they tried to update a copy of Firefox 3.6.6 on Windows Vista and Firefox 3.6.8 on a Mac.
Normally, older versions of Firefox will automatically receive an update with 24-48 hours after it's released, or when the user manually selects the "Check for Updates" from the Help menu.
Monday, Mozilla said it has stopped offering Firefox 3.5.12 and 3.6.9 because of a bug that crashed some users' machines after they'd updated, then restarted the browser.
"We've limited updates to Firefox 3.6.9 and Firefox 3.5.12 at this time as we evaluate some early feedback which indicates that a subset of our user base may be finding the releases unstable," said Michael Shaver, Mozilla's head of engineering, in an e-mail reply to questions yesterday.
According to an entry in Bugzilla, Mozilla's bug and code change database, the company began receiving a large number of crash reports after releasing Firefox 3.5.12 and 3.6.9 last week. The reports have come from machines on all three platforms -- Windows, Mac and Linux -- that Firefox supports, with the majority of them occurring during browser startup.
Mozilla did not say when it would switch updates back on.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Malware and Vulnerabilities White Papers | Webcasts