Mozilla will create a separate Firefox release for enterprises, but it will come with less security and stability fixes. Organizations interested in such a version are invited to participate in alpha and beta testing.

Mozilla decided last year to change the release cycle gears adopting a Chrome-like process which automatically updates the browser every 6 weeks or so. While this change was welcomed by casual users, it encountered a cold reception from the enterprise. Not only Mozilla released Firefox 5 in July 2011, 3 months after Firefox 4, but it dropped support of the latter in the same time which practically forced enterprises to use an unsupported browser or start using a different one.

The Mozilla Enterprise User Working Group has come up with a proposal to introduce a Firefox Extended Support Release (ESR), proposal which was accepted by the group a few days ago. In essence, organizations will be able to choose a Firefox version that is released yearly accompanied by a number of point releases that bring only fixes for critical and high security bugs. The first ESR will be released in April, along with Firefox 10, while the next will be made available in the spring of 2013 when Firefox 17 is planned. The ESR will carry the same version number as its base release.

Having a much longer release cycle, enterprises will be able to test the browser before deploying it inside the organization, which is what they asked for, but that comes with some caveats.

An ESR reaches the end-of-life when a new version comes out. That means no more support for older ESRs. Firefox 3.6 will reach EOL in April, when ESR 10 will be released.

When a new version of Firefox will be released, ESR will receive a point update with high security bugs fixes, and no enhancements. The problem is that Mozilla will back-port to ESR only those fixes that can be ported with a “reasonable” effort. Practically Mozilla will decide which fixes to port. Lower risk fixes and stability enhancements are to be included at Mozilla’s discretion. This may leave the ESR unprotected in some cases. This is how the proposal formulates the caveat: “Over time, an ESR will be less secure than the regular release of Firefox, as new functionality will not be added at the same pace as Firefox, and only high-risk/impact security patches will be back-ported. It is important that organizations deploying this software understand and accept this.”

According to the proposal, the “ESR will not have the benefit of large scale testing by nightly and beta groups.” Organizations interested in deploying Firefox ESR are invited by Mozilla to perform the testing of the alpha and beta builds.

Firefox Mobile will not have an ESR. Also, Mozilla will “strongly discourage” the use of ESR for the general public. As a result, the ESR will be announced only via the Enterprise Wiki page, or blog posts.

Mozilla has made similar plans for Thunderbird, the first ESR version being planned to be made available along with Thunderbird 8 or 9.