Analyzing The Impact of Firefox Update Notification Lag on Security

In a previous post about Firefox I proposed that the lack of automatic deployment of Firefox software updates is a disservice to the vast majority of Firefox users who may not bother to check in for updates. Today I found out another interesting tidbit: the Mozilla Foundation doesn't turn on Firefox's automatic notification feature for several hours after a new Firefox version is available.

Rafael Ebron, product marketing manager at the Mozilla Foundation, says this is to prevent a flood of people trying to get updates all at once. That's a logical reason, and the folks in charge of Firefox have done a great job of addressing security bugs before attackers have a chance to turn them into exploits. That said, I think they should reconsider this notification lag; it's just another potential crack in Firefox's otherwise hardy defenses.

The link for this article located at Network Magazine is no longer available.