Mozilla has reportedly stopped issuing security updates for its open source Firefox web browser as it looks into a bug that is causing some users' systems to crash. According to InfoWorld, the non-profit organisation behind the development of Firefox is no longer alerting users of older versions to upgrade to the latest releases – typically users automatically receive an update notification within 24-48 hours of the release being available.

Last week the browser maker issued updates for Firefox, version 3.6.9 and 3.5.12, to address a total of 15 vulnerabilities, with 10 of them rated as critical by the developers. Some users noted that they were not being notified of updates; when asked about the issue, Mozilla VP of Engineering Mike Shaver said that, "We've limited updates to Firefox 3.6.9 and Firefox 3.5.12 at this time as we evaluate some early feedback which indicates that a subset of our user base may be finding the releases unstable".

Based on the Bugzilla bug report, the issue appears occur most often during browser startup and seems to affect all three platforms – Windows, Mac OS X and Linux. A separate Bugzilla entry requested that the updates be turned off while the bug was being investigated. Older versions of Mozilla will not notify users of updates, while Firefox 3.6.8 and 3.5.11 update notifications have been "throttled" to reduce the number of users affected by the problem.

Mozilla has yet to say when the update notification will be re-enabled, but it appears that 3.6.10 and 3.5.13 versions are being prepared and that the notification will return with their release. Users running previous versions can still update manually by downloading Firefox 3.6.9 or 3.5.12 directly from the project's site.

Update: Under certain circumstances, a bad signature in the open source ClamAV virus scanner is reporting a false positive for Firefox 3.6.9. The AV application also incorrectly reports that the latest beta of Firefox 4 is infected with the Bredolab trojan.

See also:

Mozilla renames Firefox 4 Beta 6 to Beta 7, a report from The H.

(crve)