No Additional Firefox 4 Security Updates

CWmike writes "Unnoticed in the Tuesday release of Firefox 5 was Mozilla's decision to retire Firefox 4, shipped just three months ago. Mozilla spelled out vulnerabilities it had patched in that edition and in 2010's Firefox 3.6, but it made no mention of any bugs fixed in Firefox 4 on Tuesday, because Firefox 4 has reached what Mozilla calls EOL, for 'end of life,' for patches. Although the move may have caught users by surprise, the decision to stop supporting Firefox 4 has been discussed within Mozilla for weeks. In a mozilla.dev.planning mailing list thread, Christian Legnitto, the Firefox release manager, put it most succinctly on May 25: 'Firefox 5 will be the security update for Firefox 4.' Problem is, users are being prompted to upgrade now but are hesitant because the new rapid release of updates means many add-ons are not compatible. And without security updates in between, many could be left exposed with unpatched browsers."

Re:BS Article

[andymadigan]

As I remember, the Mozilla Add-ons site does not allow plugins to be posted if they have a maxVersion that hasn't been released yet (that's the gist of it anyway).

You might be able to post an add-on with a maxVersion of 4.1alpha or something, but it would break on 4.1 final. Of course, there's no way to quickly re-enable the add-on, because Mozilla thinks you can't be trusted to run your own browser, an interesting concept coming from open source software.

Google Funds Most of Firefox Development...

[Ron Bennett]

Mozilla Corporation gets most of its funds from Google. Something to keep in mind in regards to the future of Firefox...

My gut says, barring some significant change in funding / lead developers, that Firefox's future is bleak - what's happening now feels to me so much like what happened back when Netscape jumped the shark with their bloated Communicator suite. People bailed in droves.

The ideal situation would be for a group of developers to fork Firefox 3.6.x, throw in some of the improvements from 4, and run with it. Many would be greatly appreciative, and likely support it in both time and donations; don't make the same mistake as Mozilla Foundation has in regards to relying too much on any one major donor.

Re:BS Article

[TheRealGrogan]

Yes, I agree, the arbitrary version compatibility strings are the problem, for extensions in a lot of cases. A move from 4.x to 5.0 should not actually break many (or any?) extensions, because they haven't changed those interfaces.

If there's no update for an extension that is essential and the versioning doesn't jibe, there's this extension:

https://addons.mozilla.org/en-US/firefox/addon/add-on-compatibility-reporter/ [mozilla.org]

That allows you to ignore the compatibility version check, enable disabled extensions and submit "this extension works" or "this extension doesn't work" to developers.

I'm using Firefox 5.0 in Linux (self compiled), but in Windows I use Nightly, because it gives me a 64 bit firefox that gets updates. When Nightly reached a version number that was to disable my Status4Evar addon, I used the tool to enable it again and it's still working with the firefox version being 7.0a1

add-ons are to firefox what software is to windows

[johncandale]

the only real reason to stay with firefox is the add-on's, just like one few the few reasons to stay with windows is the huge software library. They need to fix breaking add-ons, and they need to do it now