New firefox support model and coming changes in stable updates

Sebastien Bacher seb128 at
Tue Jun 1 11:59:25 BST 2010

Hello Ubuntu Developers,

The desktop team has been working since the Karmic UDS on the following

The upshot of the blueprint is that there will be some changes to users'
desktops if they are currently Hardy, Jaunty or Karmic users. 

In Lucid, we put in a lot of effort to ensure these updates will be
easier in the future (Firefox now uses bundled libraries rather than
system libraries, we have reduced the number of applications in the
archive using xulrunner, and dropped a lot of extensions too). The
update for Lucid is quite trivial, but the update in Hardy, Jaunty and
Karmic is not quite as simple. When we roll out the new version, we also
need to update the following: 

      * All the Firefox extensions that we ship in the archive 
      * Language packs 

In addition to this, we are going to be porting some applications which
are currently using xulrunner 1.9 to either the latest version of
xulrunner ( or Webkit. However, this can happen after the
Firefox rollout, as the 2 xulrunner versions can be installed in
parallel. We have a list of the affected applications [2]. We won't be
porting all of the applications on that list, but will be focusing on
the applications which are exposed to insecure content (at the bottom of
the page). 


Firefox 3.0 (and xulrunner 1.9) are now unsupported by Mozilla. Rather
than backporting security fixes to these now, we are moving to a support
model where we will be introducing major new upstream versions in stable
releases. The reason for this is the support periods from Mozilla are
gradually becoming shorter, and it will be more and more difficult for
us to maintain our current support model in the future (see [1] for


Next week, Mozilla will release Firefox 3.6.4 as a minor update to the
3.6 series. This will be rolled out to Lucid, Hardy, Jaunty and Karmic
(along with xulrunner 

Call for Testing:

Packages will be hosted in the Ubuntu Mozilla Security team PPA [2]. 

As this is being rolled out as a security update (rather than a SRU),
there is no bug report tracking this. The rollout is being covered (and
will be announced) by USN-930-1. 

Clearly, there are significant risks associated with the update. In
addition to ensuring that Firefox and all the extensions still function
correctly after the update, we also need to ensure: 

     1. All the Firefox plugins (eg, Flash) still work 
     2. The actual upgrade to the latest version goes smoothly 
     3. We don't break Hardy -> Lucid and Jaunty -> Karmic upgrades 
     4. The upgrade works with the *-updates pocket disabled 

Applications that are ported to the latest version of xulrunner (or to
Webkit) will also need testing. However, we will also need to test every
application on the list in [3] (even the ones which aren't being
updated), with the latest version of xulrunner installed on the system.
The reason for this is that most applications dynamically load one of
the GRE's on the system, and some of these applications will load if it is present. I already know of 1 API change in
which had been causing me problems with applications I've been porting,
so it's possible that the same issue will affect applications we aren't
porting if they load the newest GRE. 

You can help testing the upgrade by following the instruction on 

Thank you,

Sebastien Bacher
On behalf of the Ubuntu Desktop team




More information about the ubuntu-devel-announce mailing list