Mozilla has proposed a significantly slower Firefox release pace for enterprises, the result of a corporate backlash earlier this year against an accelerated scheme that ships a new edition of the browser every six weeks.
If the proposal is adopted, Mozilla will deliver a new version of Firefox to enterprises every 30 weeks, five times slower than to consumers. During each 30-week stretch, Mozilla would issue only security updates for the browser. In addition, each enterprise edition would be supported for an additional 12 weeks after the release of its successor, assuring companies 42 weeks of support for each version.
[ Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]
Mozilla now discontinues security support for a specific version of Firefox as soon as the next in line appears.
"These proposed releases would provide organizations with additional time to certify and deploy new versions of Firefox while mitigating some of the security risks of staying on an older release," said Kev Needham, Mozilla's channel manager, in a post to mozilla.dev.planning discussion forum.
The interim security updates would be limited to patches for vulnerabilities rated "critical" or "high," the two most-serious rankings in Mozilla's threat scoring system. What Mozilla calls "chem spills" -- emergency fixes labeled "out-of-band" by other vendors like Microsoft and Adobe -- would also be included in the updates between each 30-week release.
Mozilla is calling the new release concept "Extended Support Release," or ESR. If the proposal is approved, ESR would kick off with either Firefox 8, now slated for delivery Nov. 8, or Firefox 9, which is planned to ship Dec. 20.
If ESR begins with Firefox 8, adopters would not receive a new version of the browser until Mozilla ships Firefox 13 on June 5, 2012.
"I think the proposal addresses most of the concerns of enterprises," said Mike Kaply, a consultant who specializes in writing Firefox add-ons and in customizing the browser for corporate clients.
Kaply was one of the critics who last June blasted Mozilla's rapid release schedule , saying that the six-week scheme was unworkable for enterprises because it did not give them enough time to test each update. Kaply and others raised additional issues, including Mozilla's decision not to support older editions with security updates, forcing companies to choose between running an untested browser or one that had known vulnerabilities.
Mozilla took heat over the six-week schedule, in part because Asa Dotzler, a director of Firefox, said that enterprise "has never been (and I'll argue, shouldn't be) a focus of ours," and dismissed corporate users as "a drop in the bucket."
Rival browser maker Microsoft inserted itself into the controversy to pitch its Internet Explorer browser as better suited to enterprise needs.