Mozilla is encouraging users to upgrade to Firefox 5. However, our organization only recently started deploying...
Firefox 4. What do you anticipate our risk level might be if we stay on Firefox 4 for another 12 months or more?
One consequence of the battle for browser supremacy between the major vendors is Google and Mozilla changing their numbering system for new browser releases. Firefox 5 is the first version published under Mozilla's plan to release smaller incremental updates at a faster rate; version 4.0 was only released on March 22 this year. This compares with the longer gaps between earlier versions. Versions 3.5 and 3.6 were released on June 30, 2009 and January 21, 2010, respectively.
If you employ your own developers for your website, then they will appreciate some of the improved standards support for HTML5, CSS3, MathML, XHR and SMIL. There are some important security improvements, too. For example, a site can no longer use images loaded from other domains as WebGL textures, as they can be used to mount an attack against the user.
The main security change to affect the user interface is the increased visibility of the Do Not Track button. Firefox is the first browser to support this privacy feature on multiple platforms. When users request data from a website, Do Not Track sends an HTTP header, telling the site the user wants to opt out of any online behavioral tracking. This saves users from the impossible task of setting cookie options for every site they visit, but does rely on sites respecting Do Not Track requests. Do Not Track must be enabled.
These new features only warrant a point release rather than a new version, but maybe Firefox doesn’t want to appear old or stagnant against Chrome’s version number, which is already into double figures. This new version number race between different browsers means we have to get used to looking at version numbers differently; your policy for moving to a new version may need to be updated to reflect this new approach.
Overall improvements in speed, stability and the Do Not Track feature probably make an upgrade worthwhile. Overall, it’s usually best to use the most up-to-date version of any software, but you may want to wait for version 6, due to be released shortly, if you cannot test and roll out version 5 before then! Version 6 is slated to have a new feature called a Permissions Manager, which allows the user to choose what information about them can be shared with other sites, and is another step to giving users control over their information.
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.