In April 2011, the Mozilla foundation, which develops and maintains the Firefox Web browser, announced changes in their development approach. Firefox version 3.6 would continue to receive critical security updates (3.6.18, 3.6.21, 3.6.23. etc.) for an undefined period, at least through 2011, but it would get no new features.
Instead, the focus would shift to new versions of Firefox (4, 5, 6, 7, 8, …), which would be released about every 6 weeks, in a “rapid release development cycle”. Most important, each new version would rarely receive critical security updates; instead, important security fixes would be incorporated into the next version. In other words, version 5 contained the security and bug fix patches for version 4; version 6 contained the security and bug fix patches for version 5; etc.. Here’s another way to look at it: the day that Firefox 7 was released, version 6 was considered “end of life”, and would no longer receive any updates or Mozilla support.
But there is a big implication that most Firefox users missed: to keep the new Firefox secure, you have to keep up with every new version as it is released! Because Firefox is a Web browser, it is one of the most vulnerable applications to malware attacks and security exploits from the network, so it’s one of the most important applications to keep up-to-date.
So why am I writing to you? One or more of the computers you use has one of the new versions of Firefox, but not the very latest version 8. That means your computer is vulnerable to malware, so it needs to be fixed right away by getting the latest version installed. Or, you can revert back to version 3.6.23, which is the version we recommend on campus. Only version 3.6.* is compatible with all the major Web applications used on campus; newer versions are not, so we do not recommend them (yet).
If you want to fix the problem by reverting to version 3.6.23, contact the ITS HelpDesk today at x5999 for help. They will help you do this in a way so that your Firefox settings (bookmarks, cookies, add-ins, configuration) are preserved, as much as possible. They will also assist you in getting your computer onto a KBOX patching schedule, so that Firefox 3.6 will stay up-to-date as long as Mozilla continues to support it.
If you’d rather keep using the new version of Firefox, even though it doesn’t work with everything used at Carleton, there are several easy ways to get the latest version. When you launch Firefox, if it offers a new version, accept it. (If necessary, enter root or admin login credentials when prompted.) If it does not offer a new version, look for one: from the Firefox dropdown menu at the top left, choose Help, then About Firefox, then choose the “Check for Updates” button. Letting Firefox upgrade itself guarantees that no settings will be lost, and that any add-ins will be checked for compatibility.
Once you get a new version of Firefox up to version 8, then you need to keep it up-to-date. One way to do this is to configure Firefox to look for new versions, which you accept as soon as they are offered. To make this change, from the Firefox dropdown menu at the top left, choose Options, then Options. The choose Advanced, then choose the Update tab. Where it says, “Automatically check for updates to:”, make sure Firefox is checked, and save any changes. Upgrading Firefox this way means you will have to enter root or admin login credentials when you are prompted, for every upgrade.
But there’s a simpler approach. If a college-owned computer with the KBOX agent is on a KBOX patching schedule, then it will automatically receive security updates while retaining your settings, not just for Firefox, but for many common (and vulnerable) applications. That means that any of the Firefox new versions 4, 5, 6, or 7 will be updated to version 8, and continue being updated as new versions are released. (Firefox version 3.6 will be updated only to the latest 3.6.* version, not to any of the new versions.) And KBOX patching makes no demands on you to enter any credentials or check any versions or change any configuration. Contact the ITS HelpDesk at x5999 to get your machine on a KBOX patching schedule, or login to the KBOX user portal (from a Web browser on campus, enter: go/kbox ) to self-subscribe to one of the published patch schedules.
As always, you can find more information on these topics in Carlpedia. There is also a nice overview on Wikipedia of the “History of Firefox”. If you have any questions or need any help, please contact the ITS HelpDesk at x5999.
Disclaimer: This information was correct as of when it was created based on Sande's best knowledge. If this page has been edited by anyone else, Sande is not responsible for the accuracy of the information.