In what can only be a wise move, Mozilla decided to release an ESR version of Firefox, which will be replaced once a year and patched in the meantime. A six-week cycle is perhaps manageable for home users, but it’s downright lunacy for corporate environments. It’s hard enough to test and deploy pure security fixes in 4-6 weeks, let alone test something that introduces entirely new features and deploy it.
I’m not sure that corporations and Mozilla want each other all that much, but they need each other. It’s a cheap way for a corporation to improve its security posture, as long as testing, deploying, and keeping it up to date isn’t a full-time job for someone.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.