the Firefox browser is now responsible for a full 20% of web traffic. As the
number of Firefox users grows, so does the need for top-quality support;
20% makes for a large number of potential attack points. So it is
interesting to note that Mozilla is now planning to end Firefox 2 support
near future, perhaps before the end of the year. This change could leave a
lot of users - and not just Firefox users - in a difficult position.
One obvious question to ask would be: have most Firefox users moved on to
Firefox 3? Apparently, about two out of three users have made the
change, but millions of users have yet to move away from the older
browser. The Mozilla project would like to get as many of those users to
switch before ending support; that, in turn, requires looking at why they
haven't yet upgraded. There seem to be a few prominent reasons beyond
- Some users have systems which are not supported by Firefox 3.
Many of these, it seems, are running old versions of Windows - 9x or
NT4. In these cases, the operating system itself has long since
ceased to receive support, so it's not entirely clear that continuing
to support the browser does a whole lot of good.
- Others are dependent on extensions which have not been ported to
Firefox 3. While most actively-developed extensions
were ported some time ago, it appears that there are quite a few extensions
which, while still having significant numbers of users, have been
abandoned by their developers. Zack Weinberg has suggested that the project could make an
active effort to find new maintainers for those extensions, or even
fix a few of them itself.
- The Firefox 3 experience is not problem-free for all users; there have
been some complaints about printing on some systems, for example.
Finding - and fixing - the remaining blockers is clearly an important
thing for the Firefox developers to do.
Somehow, ways will probably be found to coax most of these users into
moving forward to a newer browser. Beyond doubt, though, some will be left
behind, and some of those may learn the hard way what "unsupported" really means.
But that will be true no matter how long Firefox 2 is supported;
there's never a way to get all users to upgrade. Firefox is not different
from any other application in this regard, with the sole exception that its
user base is larger than most.
There is another important aspect to this story, though: this decision will
affect users well beyond those who use Firefox. The end of Firefox 2
support will also bring an end to support for the Gecko 1.8.1
platform. And this version of Gecko is used by several applications beyond
Firefox, including Camino, SeaMonkey, Sunbird, Miro, Instantbird, and Thunderbird.
All of these platforms currently use Gecko - the soon-to-be-discontinued
version of Gecko - for HTML rendering.
There is a fair amount of concern about Thunderbird in particular. This mail client was
recently kicked out of the Mozilla nest to fend for itself. Thunderbird
developers are working toward a Thunderbird 3 release (the third
alpha release came out in mid-October) which will use a newer version
of Gecko. But the 3.0 release is still several months away - some months
after the end of Gecko 1.8.1 support. Naturally enough, the Thunderbird
developers worry that their current users will be running in an unsupported
mode; that does not strike them as the best start for their
The word from the Mozilla Foundation seems to be that the Gecko platform
will continue to be supported, in some minimal fashion, for a while yet.
According to Samuel Sidler:
The triage and release team that currently works on Firefox and
Thunderbird 2.0.0.x releases will continue to triage requests for
Thunderbird 2.0.0.x and maintain its releases until six months
after the release of Thunderbird 3.
Note that this will mean that browser-specific security and
stability bugs will likely be ignored/minused. We'll only be
considering bugs that affect Thunderbird 2.0.0.x.
So it seems that Thunderbird should be covered - as long as the people who
decide whether bugs are "browser-specific" do their job properly. But
experience has shown many times that it can be hard to understand the full
implications of a given bug. It would not be all that surprising for one
or more "browser-specific" bugs to turn out to be fully exploitable in
Beyond that, though, applications like SeaMonkey and Camino are
browsers. Developers from those projects are, needless to say, concerned
that their needs are not being taken into account. They are not attracted
by the idea of shipping a browser based on a platform where
browser-specific bugs are being ignored. Mozilla developers have tried to
reassure these groups that the situation is not as bad as it seems, but how
things will work for them is far from clear. The real answer was, perhaps,
suggested by Samuel:
The community can take over this branch, just as has been done for
Gecko 1.8.0 (currently managed by Linux vendors)
In other words, Mozilla would like to outsource the maintenance of this
code to the community, and to distributors in particular. The good news is
that this is free software, so this kind of extended maintenance is
possible as long as the interest is there to do it. Gecko is a non-trivial
body of software to maintain, but it should be possible for the various
interested projects, along with distributors still shipping this code,
to pool their effort and get the job done. In their spare time, perhaps,
they can give some thought to how they might avoid getting caught in the
same situation when Firefox 3 reaches the end of its supported life.
to post comments)