Mozilla Spins the Bugs

When Firefox was first introduced, it was widely promoted as the safer browser. Some writers went as far as to leave off the “er”; to them it was the “safe browser”. It’s now June 2007 and Mozilla now has a security blog. Interesting.
Time to parse their post from 6/18.
I find it interesting that the writer attempts to dismiss ‘number of vulnerabilities’ as meaningless. I also think it is freaking hilarious that they are bragging about their software update system. If we go to the archives, we’ll find that was one item that was extremely lacking in earlier releases. There was no prompting for upgrades.
The current system still isn’t exactly enterprise-ready. Rather than creating patches, they require full installs. Instead of occurring in an enterprise-approved manner as with patching software, it occurs in an ad hoc, untested manner as users open Firefox after the patch is released. If users don’t use the product, it doesn’t get upgraded. That is fine as long as the vulnerability can’t be called from outside of Firefox.
I’m still wondering what is going to happen with Firefox 1.5 at the next patch release. They said it was done after mid-May, but then they patched it anyway. The 1.5 upgrade monitor doesn’t prompt you to upgrade to 2 or warn that 1.5 is end of life.