Some corporate IT managers are unhappy with Mozilla's decision to push out new editions of Firefox every six weeks with its new rapid-release program.
Their beefs center around the retirement of Firefox 4 from security support -- a move Mozilla decided on this spring when it kicked off its fast-paced regime -- and their inability to test any new version before the next comes down the pike.
[ Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]
"The Firefox 4 EOL is a kick in the stomach," said John Walicki of IBM, referring to the "end of life" of the browser Mozilla launched just three months ago. "I'm now in the terrible position of choosing to deploy a Firefox 4 release with potentially unpatched vulnerabilities, reset the test cycle for thousands of internal apps to validate Firefox 5, or stay on a patched Firefox 3.6.x."
Walicki, a manager of workplace and mobility in the office of IBM's CIO, made that observation Thursday in comments to a blog post by Michael Kaply, a consultant who specializes in customizing Firefox and helping clients deploy the open-source browser.
When Mozilla launched Firefox 5 on Tuesday, it immediately retired the predecessor, Firefox 4, from security support, meaning it will not patch vulnerabilities in the three-month old browser. Instead, Mozilla considers Firefox 5 to be not only the newest edition, but also the security update to Firefox 4.
That may work for consumers, but it doesn't for enterprises, said Al Hilwa, an analyst with IDC. "A major version change is a big signal to the enterprise that there's something drastically different, and a signal that [IT] needs to do its due diligence," said Hilwa. "People in the enterprise are in the habit of evaluating every bit before they put it on workstations."
Walicki, who did not respond to email requesting an interview, said as much in his comment on Kaply's blog. "I have 500,000 corporate users on Firefox 3.6," Walicki said. "We're just completing a test cycle of Firefox 4 on many thousands of internal business Web applications. Many hundreds of application owners and their test teams have participated. We gave them several months to ready themselves. We worked with dozens of internal Add-On developers and product teams to prepare their add-ons for Firefox 4. We're poised to deploy Firefox 4.01 in 3Q when the corporate change freeze lifts. Education programs, documentation updates, communications all are planned."
IBM adopted Firefox as its default browser in mid-2010.
The problem, said Walicki, is that that time was essentially wasted: IBM has not yet rolled out Firefox 4, and it's now retired from support. And to repeat the process with Firefox 5 could be just as fruitless. "By the time I validate Firefox 5, what guarantee would I have that Firefox 5 won't go EOL when Firefox 6 is released?" he asked.
In fact, that's just what Mozilla intends to do.