Mozilla is encouraging users to upgrade to Firefox 5. However, our organization only recently started deploying Firefox 4. What do you anticipate our risk level might be if we stay on Firefox 4 for another 12 months or more?
One consequence of the battle for browser supremacy between the major vendors is Google and Mozilla changing their numbering system for new browser releases. Firefox 5 is the first version published under Mozilla's plan to release smaller incremental updates at a faster rate; version 4.0 was only released on March 22 this year. This compares with the longer gaps between earlier versions. Versions 3.5 and 3.6 were released on June 30, 2009 and January 21, 2010, respectively.
If you employ your own developers for your website, then they will appreciate some of the improved standards support for HTML5, CSS3, MathML, XHR and SMIL. There are some important security improvements, too. For example, a site can no longer use images loaded from other domains as WebGL textures, as they can be used to mount an attack against the user.
The main security change to affect the user interface is the increased visibility of the Do Not Track button. Firefox is the first browser to support this privacy feature on multiple platforms. When users request data from a website, Do Not Track sends an HTTP header, telling the site the user wants to opt out of any online behavioral tracking. This saves users from the impossible task of setting cookie options for every site they visit, but does rely on sites respecting Do Not Track requests. Do Not Track must be enabled.
These new features only warrant a point release rather than a new version, but maybe Firefox doesn’t want to appear old or stagnant against Chrome’s version number, which is already into double figures. This new version number race between different browsers means we have to get used to looking at version numbers differently; your policy for moving to a new version may need to be updated to reflect this new approach.
Overall improvements in speed, stability and the Do Not Track feature probably make an upgrade worthwhile. Overall, it’s usually best to use the most up-to-date version of any software, but you may want to wait for version 6, due to be released shortly, if you cannot test and roll out version 5 before then! Version 6 is slated to have a new feature called a Permissions Manager, which allows the user to choose what information about them can be shared with other sites, and is another step to giving users control over their information.
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown. Continue Reading
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.