April 24th, 2007

Mozilla extends Firefox 1.5 support

Posted by Ryan Naraine @ 1:09 pm

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Metasploit, Mozilla, Open source, Patch Watch, Pen testing, Privacy, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Mozilla Firefox 1.5, Mozilla Firefox, Mozilla Corp., Ryan Naraine

Mozilla seems to be having a hard time pulling the plug on Firefox 1.5.

After today, the open-source group planned to stop shipping security and stability updates for Firefox 1.5 but now I'm hearing that support has been extended to the middle of May.

The grand plan was to use the expiration of security support to nudge Firefox 1.5 users to upgrade to the more solid Firefox 2.0 but it appears that some big-name Mozilla partners are not ready to make the move.

Adrian Kingsley-Hughes mentioned the corporate angle earlier today:

The shorter product lifespan comes as the Mozilla team has moved to a consumer-oriented model.  This is good for home users but not so good for corporate users who tend to be slow (sometimes glacially so) in adopting updates.  It also sucks for Linux users who make use of distros that don't, and won't, support Firefox 2.0.

Officially, Mozilla hasn't given a reason for the support extension.  I've put in a few queries and I'm still waiting for a response. 

[UPDATE:  April 24, 2007 at 8:13 PM] Basil Hashem, senior director product management at Mozilla, provides an explanation for the support extension:

"Mozilla ensures that we provide security and stability releases for multiple versions of the Firefox product. We have communicated the plan for an end of life of the Firefox 1.5.0.x series of products since November of last year. Yet, we encourage users to upgrade to the latest version of Firefox to take advantage of new functionality that is available.

The original end-of-life date for Firefox was April 24th, we decided to extend that out by a couple of weeks in order to allow for an additional Firefox 1.5.0.x release that incorporates the ability to accurately offer the user a chance to perform a major update (1.5 -> 2.0)."