If you haven't gotten the automatic update notification, now would be a good time to go to your Firefox Help menu and click Check for updates.
I know that some have been complaining about the regularity of our security and stability updates and I'm interested to hear more from you if you're one of those people.
Posted by: Randy Peterman | October 19, 2007 10:05 AM
I like updates, but my Thunderbird hasn't updated. I know this has been discussed before, but Thunderbird lacks attention from developers.
From my humble user point of view, Firefox is your top priority (I'm not against this at all) but it would be nicer if your other products would receive the same priority, at least for security/stability patches.
Cheers
Posted by: Brassen | October 19, 2007 10:41 AM
@Brassen:
Thunderbird 2.0.0.8 is on the way but it'll be another couple of weeks. None of the announced vulnerabilities are a problem if you keep JavaScript turned off in mail except maybe the URI %-encoding fix. We prevented the known exploit in Thunderbird 2.0.0.6 and so far have not seen a way to exploit the remaining issue that was fixed this time (though Billy Rios and Nate McFeters showed an example that's half-way there), but it was better to fix it that to wait and see if someone could write a better attack.
Had Thunderbird users been at risk in the default configuration we would have shipped an update sooner, but since they're not we don't want to kill the QA team trying to get this released. We want them fresh in case a "firedrill" situation comes up.
Posted by: Dan Veditz | October 19, 2007 11:24 AM
Brassen,
We're working on TB 2.0.0.8. I met with people in build, development, and qa about it yesterday and today, in fact. We're going to do a Thunderbird testday next Friday for TB 2.0.0.8 and should be testing it early next week.
Trust me, we want it out as well and it was our immediate priority as soon at Firefox shipped.
Posted by: Al Billings | October 19, 2007 1:39 PM
Brassen,
It's just usual release management.
Thunderbird release are usually made after Firefox.
Thunderbird is much more protected to some attacks because usually you don't let javascript running automatically when a email arrive...
You can also remark that firefox 3 alpha build are not released at the same time as firefox security releases. That doesn't mean nobody is working on it...
For example, see http://oduinn.com/2007/10/22/firefox3alpha8-by-the-wall-clock-numbers/
which somehow talk about this.
Posted by: matp75 | October 23, 2007 9:04 AM
I appreciate it every time my browser udpates. There is security in knowing I'm secure (at least until the next hole is found and patched). Thanks for all the work the Firefox team does!