Enterprise Software

Has the Mozilla Foundation lost its collective mind?

After a long downward trend in quality for the Firefox browser, the Mozilla Foundation has decided to add insult to injury by eliminating the ability to at least stick with an older version until extensions are updated to the newest -- and to do so after only three months of release status for version 4.

Over recent years, my articles about Firefox have been getting less complimentary. Watch the trend, with a selection of articles:

  • Microsoft may be Firefox's worst vulnerability: In the words of Annoyances.org about a .NET service pack update in 2009, "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may've originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste." In a follow-up article, Microsoft makes Firefox vulnerable; Mozilla responds, I related to readers the message of a Mozilla Firefox warning, "Firefox has determined that the following add-ons are known to cause stability or security problems". It referred, of course, to extensions pushed by Microsoft updates.
  • Fine-grained cookie management in Firefox: While its functionality in this realm is far from perfect, this article explained that Firefox offers fine-grained cookie management capabilities unmatched by its biggest competitors. This offered a more hands-on, Firefox-specific explanation of how to accomplish what I described in an earlier article, Paranoid cookie management.
  • Is Firefox + Perspectives the most secure browser For TLS/SSL encryption?: Due primarily to the fact that, at the time, the Perspectives verification tool was available as a Firefox extension, but not as an extension on other browsers, I suggested that Firefox might be the most secure browser available for purposes of encrypted connection to websites. Since then, of course, Perspectives has made its way to Chromium. A later encrypted browsing security enhancement extension for Firefox, HTTPS Everywhere, was described in HTTPS Everywhere makes SSL/TLS easier; it is still not available on Chromium, the biggest competitor for Firefox, because of the functionality breaking limitations of Chromium's extension system.
  • Pentadactyl: Firefox for Vim junkies: This article could be summed up with a sentence near the end of the article that reads "Considering the annoyances imposed on my life over the last three major versions of the Firefox browser, starting with the memory leak that is not actually a memory leak (see 'memory fragmentation'), the usefulness of Pentadactyl for a heavy user of vi-like editors like me is the biggest reason I still use that browser." Once again, the limitations of the Chromium browser's extension system keep me tied to Firefox for now.
  • The Scrapbook extension: Better bookmarks for Firefox: Where the article about Pentadactyl described a reason to stick with Firefox, this article described a way to use an extension to make up for one of the more annoying problems of Firefox, since I end up having to use Firefox despite its failings. The tenor of my articles about Firefox has become distinctly sour.

Recently, the Firefox developers have evidently decided to engage in a bit of version number inflation, as if having a higher version number means a given browser is somehow "better" than a competitor with a lower version number. It is playing catch-up to Chromium and IE, not in functionality but in the marketing value of a version number. New major version numbers are being incremented where fewer and smaller changes have been made. Of course, with each new major version number, a lot of extensions break until their developers update them — if the extension developers do not give up because of the sheer weight of development overhead imposed by version incompatibility. This struck me as a pretty poor way to keep users happy, but not the world's biggest problem (at least for now).

Then, I learned something new. Mozilla community development director Asa Dotzler posted the following to the mozilla.dev.planning discussion group:

So, this is a discussion section, not an authoritative answers section.

That being said, there already has been a 4.0.x release and there may be

another if a critical security issue arises that requires a "chemspill"

unplanned emergency fix. But that would be an unplanned emergency

release and not a planned one. The planned security update for Firefox 4

is Firefox 5.

In short, it looks like Firefox 4 is effectively getting its EOL (end-of-life walking papers). In case the full impact of that has not yet set in, recall this: Firefox 4 only reached release status in March 2011, and this is only three months later. As of today, I have received reports of Firefox 5.0 being pushed out as an automatic update for people running Firefox 4.0.1 on their computers, whether they wanted it or not, with a notification that the next time they start their browsers they will be running version 5.0 [1]. Expect broken extensions [2].

A three-month turnover rate is absurd, especially when this is not just an announcement that there will be no more functionality updates or non-security bugfixes, but also that there will be no planned security updates. This essentially came with zero warning to the vast majority of users, and even those paying the closest attention to such matters (but outside of core Mozilla development, presumably) got to measure their forewarning in days rather than months or years. Now, with the Mozilla foundation taking the extreme measure of treating 5.0 as the security update for 4.0.1, breaking extensions with changes unrelated to security along with the only way that needed security updates can be acquired, those of us who rely on our extensions to make Firefox usable are faced with a harsh dilemma. We must choose between two unpalatable options:

  1. We can take the update, and have critical functionality on which we rely break for an unknown period of time while we wait for extension developers to add support for the new Firefox version.
  2. We can refuse the update, sticking with a version of Firefox that no longer gets planned security updates, hoping that the potential security issues of doing so will not bite us.

This assumes that we have not been caught by surprise by an automatic update.

Well . . . there are other options. We could switch to Chromium, if the disruption would be less significant than the disruption of moving to the next major version of Firefox. We could switch to Uzbl, if that is a more palatable option, or even Surf if you finally decide that the benefits of highly functional, feature-rich, extensible browsers are no longer worth the bloat, instability, planned obsolescence, and security chaos that comes with such such benefits. The biggest problems with Uzbl, in my experience, are the license (your mileage may vary, but for my purposes the closer it is to copyfree licensing, the better) and the fact that a lot of functionality to which I have become accustomed would need to be implemented from scratch as extensions for it.

At least I can suffer through the use of Uzbl as my primary browser for short stretches. I have done so in the past. If I get effectively forced into an upgrade to Firefox 5.0 before the extensions I must have support it fully, I will just use a combination of Chromium and Uzbl as a stopgap measure. I already offload some of what I used to do in Firefox to Surf, though, just to escape the problems that plague the more-featureful Mozilla flagship browser.

Firefox has, in my experience, gotten worse with every version update in its lifetime. More specifically, ever since the name change from Firebird to Firefox (thanks to a clash with the name of the Firebird DBMS), it has all been downhill. I expect the future to be more of the same.

If Chromium adds the stronger extension support I need in the next couple years, I will probably switch to that. If it does not, and Firefox does not turn the ship around and start heading back to friendlier waters in terms of functionality, stability, security, and release policy sanity, I suspect I'll eventually just end up forking Surf to get the closest thing I can to an "ideal" Web browser. Now, more than ever, I feel like there is no such thing as a good browser.

There's only a "not quite as awful as the rest" browser. For today, I am not even certain which browser that is, though.


[1]: freebsd-questions mailing list example of "forced" upgrade

[2]: If you want to turn off automatic updates of Firefox, check the Advanced > Update tab in your Options/Preferences dialog.


Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks