If you don't want security updates, turn off automatic updates, see the configuring update options section at Update Firefox to the latest release

Man Man Man. How many patches do you guys need? Seems like every time I start any program like Firefox I need to upgrade to a new version first. These software updates are getting out of hand. Can't you concentrate on producing quality for a change rather than racing ahead to feature oblivion?

You know, a Smart User would thank Mozilla for coming up with Firefox 3.6.12 to fix the 0-day (zero-day) vulnerability that was discovered by internet security experts on the day before Firefox 3.6.11 was released. It took them less than a week to come up with, and release the patched version - 3.6.12. Would you prefer that Mozilla sit on the fix for a month or so, rather than release it as soon as it is ready? So far this year there have been 9 minor updates since Firefox 3.6 was released on January, that works out to be like one every 4 weeks.

See:

• https://developer.mozilla.org/devnews/index.php/2010/10/27/firefox-3-6-12-and-3-5-15-security-updates-now-available/
• http://www.mozilla.org/security/known-vulnerabilities/firefox36.html

No. I'm happy they released a security update this time. It's all the other crud that I worry about. I write code too.

73 vulnerabilities in 3.6 in 2010. And that doesn't even include those related to Adobe Flash.

What do you think the root cause is of the vulnerabilities in the first place? Poor requirements analysis? Poor architecture? Poor design decisions? Poor coding? Poor QA perhaps?

I'd prefer that they designed and tested their software more thoroughly in the first place, and had a more regular release cycle that was perhaps a bit slower and a bit more stable (like Ubuntu), rather than rushing code out so fast that seemingly every time I walk up to use a machine it congratulates me on having installed the latest version of at least one app.

Or else a smarter way of patching than downloading and reinstalling the whole app every time.

People who manage hundreds of machines, or live in places with lower speed Internet connections, have real problems with the updates.

Plug in coders have no chance of keeping up either.

And just look at the mess they call Thunderbird 3. It's so bad they're virtually going to skip an entire major release just to try and keep up with Gecko.

Quote: As the first concrete-step towards agility, 3.1 will be a short-cycle release (~4 months) based on 1.9.2. The intents of this release are primarily:

Update to a version of Gecko further from end-of-life than 1.9.1 Provide a softer landing pad for Thunderbird 2 users so that we can do a prompted major update for them

Quote: Warning: Although this page is currently called 3.2 we do not know if it will be 3.2, 3.5, 4.0 or whatever. The nightly builds are currently 3.2a1pre, but that's just because that is the lowest increment from 3.1

A 4 month lifetime for a major release train. It's plain crazy.

I loved Thunderbird 2, but I've now switched clients. I loved Firefox, but I find I'm using safari more and more.

Thunderbird isn't even an official Mozilla project any more, so whatever they decide to do with that project is best to discuss in a Thunderbird support forum. It was handed off to its' developers a few years ago, just as was done with the Mozilla Suite, which was renamed SeaMonkey when that happened. Firefox (and the internal Gecko code) is the only official Mozilla project these days. Everything else out there that is "Powered by Mozilla" is a 3rd party project, independent of Mozilla except for using the same base code and getting some support from Mozilla when it might be needed.

You have to be joking when you compare Ubuntu's April and Otcober release schedule of a new major version to Firefox's major version release history.
http://en.wikipedia.org/wiki/Mozilla_Firefox#Release_history
Firefox 1.0 to 1.5 = ~ 1 year
1.5 to 2.0 = ~ 11 months
2.0 to 3.0 = ~ 8 months
3.0 to 3.5 = ~ 1 year
3.5. to 3.6 = ~ 7 months
And the way development is stalled right now on 4.0b7, it's liable to become a full year between 3.6 and 4.0.

As far as Ubuntu updates, I get notification of those every week, individual package by individual package vs. Firefox packing most of their fixes into a minor version update package x.x.# - the exception being a major security fix like what brought about 3.6.12, Mozilla doesn't "sit on" a security fix like that, they fix it pronto - within 48hrs for 3.6.12.

erm Ubuntu is a complete operating system environment including server, desktop, and applications. I've run the LTS version for years with few worries. Firefox is (just) a web browser. A fair number of my recent Ubuntu updates have been Firefox related.