Mozilla has just released a security bugfix release straight after the final release. The new version fixes several security-related issues originally discovered at the Pwn2Own conference.
This release is only a bugfix release and doesn’t offer anything new or changed compared to the 59.0.0 release. Mozilla is also going to fix a security problem which was recently discovered during the Pwn2Own 2018 hacking contest; they are going to update their security advisory page in the coming days.
This year, the Pwn2Own conference found a way to bypass Mozilla’s sandbox and a Windows kernel escalation of privilege.
- Various security fixes
The update will be rolled out in the next few hours via the Firefox updater.
Mozilla Firefox 52.7.2 ESR
Bugfix release after each new release – why?
Mozilla’s new strategy seems to be to release 0.1 versions right after the final versions, and no real explanation is given. It’s not the first time Mozilla has done this, and if there are already known problems in the final release, they must have known about them at the time they rolled out the final release, because it usually takes some time to identify, review and verify an issue.
This makes me ask why Mozilla does not just wait and release the ‘real’ version, including the small bugfix, as the first final release. That could be a marketing-related strategy to bump their browser. Since no explanation is given, it’s difficult to say whether it’s a quality management problem or PR. Usually bugfix releases are rolled out more than one week after the major release to address several things, and not just one or two, but that seems to have changed now. It could also have something to do with the schedule, but I think everyone would understand if the release (in terms of quality) were moved to another day.
The release makes me wonder why no one is checking the final builds before they are rolled out to avoid this, especially because the Pwn2Own findings were already submitted to Mozilla quite some time ago. So in the end you can basically always ignore the final build and wait for the bugfix release instead, which saves the trouble of re-downloading basically the same browser with only a minor change in it. An admin can also use this strategy so he doesn’t have to roll out the same browser to his clients, which saves bandwidth and time.
Anyway, people might be thankful that Mozilla reacted quickly to fix this issue, but this would not have happened in the first place by just waiting two more days to release the build. Security-wise it’s good to stay up to date, but this does not affect everyone, so I think the better strategy is to release it for everyone straight from the beginning to avoid confusion.
Article was corrected, added the proper changelog among the ESR download links.