Mozilla yesterday said it will kick off a slower-paced Firefox release schedule for enterprises at the end of this month.
The new version -- Firefox ESR, which stands for Extended Support Release -- is Mozilla's response to backlash earlier this year against its scheme to ship a new edition of the browser every six weeks.
Firefox ESR will release every 42 weeks, seven times the usual pace, and because Mozilla will support the current ESR edition for an additional 12 weeks after the next version appears, a single edition will be supported with security patches for 54 weeks, or just over a year.
Mozilla now discontinues security support for a specific version of Firefox as soon as the next in line appears.
The first enterprise edition, Firefox ESR 10, will ship Jan. 31 alongside the standard Firefox 10, and the second will appear as Firefox ESR 17 on Nov. 20. Security updates for ESR 10, however, will continue through Feb. 12, 2013, giving enterprises the intervening 12 weeks to test ESR 17 while still receiving patches.
Rather than use the version numbers associated with Firefox -- say, Firefox 11, 12 and so on -- Firefox ESR will be designated as Firefox ESR 10.1, 10.2 and the like, until Firefox ESR 17 shows.
In those ESR point releases, Mozilla will deliver only those security fixes that address vulnerabilities rated "critical" or "high," or zero-day bugs being exploited in the wild. Changes that add new functionality to the standard Firefox will not be included in Firefox ESR releases.
"Maintenance of each ESR...would be limited to high-risk/impact security vulnerabilities and would also include chemspills -- off-schedule releases that address live security vulnerabilities," said Mozilla in its final ESR proposal. "Backports of any functional enhancements and/or stability fixes would not be in scope."
That means that any interface changes Mozilla makes to Firefox after Jan. 31 will not appear in Firefox ESR until version 17 launches in late November.
"I think folks are pretty happy with this," Mike Kaply, a consultant who specializes in writing Firefox add-ons and in customizing the browser for corporate clients, said in an email reply to questions.
Kaply was one of the critics who last June knocked Mozilla's rapid release schedule, saying that the six-week scheme was unworkable for enterprises because it did not give them enough time to test each update. Kaply and others raised additional issues, including Mozilla's decision not to support older editions with security updates, forcing companies to choose between running an untested browser or one that had known vulnerabilities.
Mozilla took heat over the rapid-release schedule it debuted last June in part because Asa Dotzler, a director of Firefox, raised hackles by saying that enterprise "has never been (and I'll argue, shouldn't be) a focus of ours," and dismissed corporate users as "a drop in the bucket."
Rival Microsoft used the brouhaha to pitch its Internet Explorer (IE) browser to enterprises.
In turn, Mozilla then formed a working group to look at ways to keep enterprise users happy. Firefox ERS came out of that group.
Kaply, who monitored the enterprise working group mailing list and attended the online meeting Thursday when Mozilla pulled the trigger on Firefox ESR, said he and others still worry that Mozilla is not committed long term to the plan.
"My biggest concern, and a concern of others, is how long Mozilla will continue to do ESRs," said Kaply. "There is some indication that Mozilla only plans to do a few of these or that they plan to reduce the length of time for each edition to eventually do away with them."
Mozilla has promised to deliver at least two editions of Firefox ESR -- versions 10 and 17 -- but as Kaply noted, reserved the right to ditch the program.
"Based on the data collected and adoption of the new release process over the course of maintaining the ESR, Mozilla would announce the continuation or impending end-of-life of the program," the company said in its proposal.
While individuals unhappy with the six-week churn of the standard Firefox can shift to ESR if they want -- Mozilla doesn't intend to block them from doing so -- the company will discourage the practice.
Mozilla also reiterated earlier caveats about Firefox ESR, including a prediction that it "will be less secure than the regular release of Firefox" because new functionality and lower-level patches will not be added to the ERS channel until the next version launches.
As part of the Firefox ERS program, Mozilla also plans to retire Firefox 3.6, the January 2010 browser it still supports with security updates. The company has set April 24, 2012 as the end of Firefox 3.6 support.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com.
See more articles by Gregg Keizer.