Firefox 11 release postponed due to security issues - Update
The Firefox team has announced that they are postponing the release of Firefox 11, originally planned for today, because of a security report which the team wants to evaluate to make sure the issue will not impact on their code. Jonathan Nightingale, Mozilla's Senior Director of Firefox Engineering, also Microsoft's monthly Patch Tuesday security update, also scheduled for today, as a reason to hold back on releasing the new Firefox version.
Nightingale says there is no reason to expect any issues, but they would rather ship Firefox 11 after they have evaluated the Microsoft updates as they have "interacted badly" with Firefox before. Firefox releases are generally planned far in advance, in accordance with the changes Mozilla enacted with respect to its development cycle last year.
It is notable that it decided to halt the release of Firefox 11 this close to the planned date. At this point, it is not known if the delay is related to Firefox's fall at last week's Pwn2Own contest, but the vulnerability report is coming from ZDI (Zero Day Initiative) who organise the Pwn2Own competition.
According to Nightingale, no new date has been set for the eventual release of Firefox 11, but interested users can, as usual, download development versions of the browser from the development channels provided by Mozilla (The current beta channel contains what will eventually be released as Firefox 11 while the Aurora channel provides alpha releases).
Update: Nightingale says that the release will, with some caveats, be going ahead. In an update to the original blog posting, he says that the ZDI vulnerability had already been fixed "through our internal processes" but so that the company could get a better idea what impact "Microsoft's 'Patch Tuesday' fixes" would have, it would "initially release Firefox for manual updates only. Once those impacts are understood, we’ll push automatic updates out to all of our users.".
- Mozilla starts work porting Firefox to Windows 8's Metro interface, a report from The H.
- ASLR to be mandatory for binary Firefox extensions, a report from The H.