Mozilla has told Firefox users that it will no longer be updating version 2 of the browser and they should upgrade to version 3 right away. The warning came alongside a security update patching ten problems, four of them critical.
The critical problems involve cross-site scripting. That’s a serious concern as it allows the unauthorized transfer of data that a user sends to one site (such as a legitimate online bank) to another site (such as one used by hackers to harvest information).
Three of these issues affect all editions of the browser while the other is specific to version 2: a previous fix for that issue has now been found insufficient. However, Mozilla warns that that’s your lot, saying it “is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible.”
The built-in ‘phishing protection’ service is also being withdrawn from Firefox 2, making the upgrade even more important.
It’s certainly unfortunate timing to announce these problems just as major news outlets (led by an Associated Press report) are recommending users switch away from Internet Explorer. That said, new users will almost certainly be considering downloading version 3 so, while the publicity might put them off, they won’t be as likely to experience security problems in practice.
There’s also a change to the licensing situation for the browser. In the past users agreed to a traditional-style End User License Agreement upon installing the software, but some argued such a document was unnecessary for what’s intended as an open source product. In the updated version 3, the EULA has been replaced with an information bar titled ‘Know Your Rights’
In theory this change could end a longstanding debate about whether Firefox should technically be considered an open source product. However, it appears Mozilla is continuing to trademark the browser’s name and logo and insisting that most modifications of the software continue to use that branding.