Home > Computing > Reports find Firefox faces upgrade lag, security…

Reports find Firefox faces upgrade lag, security debate

The Mozilla Foundation’s Firefox browser has been facing a bit of a crisis, with the organization’s search deal with Google in limbo — and with it, most of the public foundation’s funding. While Mozilla and Google are reported to still be working on a new version of their search deal, new reports show Firefox is facing new challenges:Many Firefox users are failing to keep up with Mozilla’s rapid release schedule for the browser, and Google may be deliberately trying to undermine Firefox by commissioning security reports that tout Chrome at Firefox’s expense.

First, a new report from advertising analytics firm Chitika finds that while the majority of Firefox users are embracing Mozilla’s new rapid release methodology (which sees a new major version of Firefox every couple months), as many as a quarter of Firefox users are three or more major revisions behind, with nearly 23 percent of Firefox’s user base still using Firefox 3.0 or 3.x. The current version — this week —  is Firefox 8.


“While a majority of Firefox users have the current version of the browser, there is a significant portion—at least a quarter—who are at least three releases behind,” wrote Chitika’s Haze Jayachandran. “Firefox’s plans to allow silent updates may help this problem, though they aren’t scheduled to debut until version 12 is released.”

A “silent upgrade” feature won’t automatically migrate users of very old versions of Firefox (like Firefox 2 and 3) to new versions—the support simply isn’t in those older versions of the browser, and in some cases Mozilla no longer makes a version of Firefox for the platform. For instance, while Firefox still supports Windows XP, it left PowerPC-based Macs in the dust with Firefox 4.

Chitika also underscores the value of Mozilla’s search deal with Google, finding that nearly 80 percent of Firefox users have Google as their default search engine, as measured across impressions last week.

In the meantime, accusations are flying that Google may be trying to stack the deck against Firefox (and other browsers) by commissioning a report on browser security from Accuvant. Accuvant named Google’s Chrome the browser most secure against attacks. Accuvant’s senior research scientist claimed the test were “completely different and more extensive methodology than previous, similar studies,” and considered anti-exploitation technologies and browsers’ security methodology.

However, at least one other security firm is crying foul: NSS Labs has released its own response to Accuvant’s report (PDF), saying it appears Google may have set the testing parameters to Chrome’s advantage, in part because the test methodology completely ignored some Firefox security technologies such as frame poisoning and particular JIT hardening techniques employed by Firefox.

NSS Labs doesn’t question Accuvant’s expertise or that Chrome is working hard to be secure. In fact, NSS Labs lauds Accuvant’s discussion of JIT hardening and sandboxing tchnologies, and says it found Chrome increased its protection against traditional malware nearly fivefold just from November 22 to December 2. But NSS Labs pulls no punches about why it thinks Chrome won in Accuvant’s testing: “Google paid product reseller Accuvant to publish a report comparing browser security. However, given the deficiencies in the methodology it would appear that the main aim of the report was to undermine confidence in Firefox.”

Of course, NSS Labs is no stranger to commissioned security reports itself: A year ago, NSS Labs was commissioned by Microsoft to test IE9’s anti-malware features…and NSS Labs declared IE9 the most secure browser available.

Get our Top Stories delivered to your inbox: