Mozilla halts Firefox security updates
Stops serving updates to newest versions while it looks into startup crash bug
Computerworld - Mozilla has stopped providing security updates to Firefox users as it investigates a bug that caused computers to crash last week.
Computerworld blogger Michael Horowitz first reported on the problem last Sunday after he tried to update older editions of Firefox on several different machines.
When Horowitz asked Firefox 3.5.11, 3.6.3 and 3.6.8 if there was an update, the browsers told him no newer editions were available. Firefox's up-to-date versions are 3.5.12 and 3.6.9, which Mozilla released a week ago when it patched 15 vulnerabilities, 11 of them labeled "critical."
Computerworld staffers reproduced the issue when they tried to update a copy of Firefox 3.6.6 on Windows Vista and Firefox 3.6.8 on a Mac.
Normally, older versions of Firefox will automatically receive an update with 24-48 hours after it's released, or when the user manually selects the "Check for Updates" from the Help menu.
Monday, Mozilla said it has stopped offering Firefox 3.5.12 and 3.6.9 because of a bug that crashed some users' machines after they'd updated, then restarted the browser.
"We've limited updates to Firefox 3.6.9 and Firefox 3.5.12 at this time as we evaluate some early feedback which indicates that a subset of our user base may be finding the releases unstable," said Michael Shaver, Mozilla's head of engineering, in an e-mail reply to questions yesterday.
According to an entry in Bugzilla, Mozilla's bug and code change database, the company began receiving a large number of crash reports after releasing Firefox 3.5.12 and 3.6.9 last week. The reports have come from machines on all three platforms -- Windows, Mac and Linux -- that Firefox supports, with the majority of them occurring during browser startup.
Mozilla did not say when it would switch updates back on.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Malware and Vulnerabilities White Papers | Webcasts