Nov 12 2012
 

New research from Kaspersky reveals that 34% of Firefox users do not have the latest version of the browser installed. In addition, when a new version of Firefox is released, it takes 27 days for the majority of users to make the upgrade.

Given that Mozilla release a new version of Firefox every 6 weeks, most users are only just managing to upgrade to the (more secure) latest version before another new version is released…

As cybercriminals can move to exploit known browser vulnerabilities within hours, most Firefox users are therefore at (unnecessary) increased risk for 4 weeks out of every 6.

Comparison With Other Browsers – If 34% of Firefox users are at risk from an outdated browser, how does that compare with users of major rivals, Chrome and IE?

  • Chrome – only 20.3% of users do not have the latest version installed – a much smaller percentage than Firefox users.
  • IE – only 19.8% of users do not have the latest version (IE9) installed – however, if you include IE8 (the latest version available for XP), then that percentage drops to just 3.9%.

IE users come out top for using the latest version. Chrome users are a close second whilst Firefox users (34%) appear to lag way behind. It is also worth considering to what extent an outdated browser is actually an obsolete browser – are users who do not have the latest version just late in updating from the previous version or are they months out of date? Kaspersky define obsolete browsers as all those before the previous version.

The research data is from August 2012 so, at the time of the study, the following were considered obsolete: Firefox 13 and earlier, Chrome 19 and earlier, IE7 and earlier.

  • Chrome – obsolete versions were used by 4.9%
  • IE – obsolete versions were used by 3.9%
  • Firefox – obsolete versions were used by 22.7% (even worse, 10% were using Firefox 9 or earlier so are at least a year out of date)

Once again, IE and Chrome have very few users of obsolete versions whereas more than a fifth of Firefox users are stuck on an obsolete browser which is both outdated and insecure.

Firefox ESR Exception? Firefox does offer an annual ESR (Extended Support Release) version aimed at organizations who do not want to upgrade every 6 weeks – this is currently Firefox ESR 10. Although ESR 10 may not include all the latest features, it does include regular security updates so it cannot be considered obsolete or outdated. It is unclear from Kaspersky’s study whether their figures for ‘obsolete’ versions (Firefox 13 and earlier) include ESR 10.

However, in the study, Firefox 10 only accounts for 1.9% of users anyway – even if the study does not differentiate between ESR and standard Firefox 10 users, the total percentage of users with an outdated Firefox could only be a maximum of 1.9% higher than it ought to be.
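The latest / previous / obsolete classes and the ESR 10 ambiguity described above can be applied to the User-Agent strings in your own web or proxy logs. This is an added example, not part of the original article or Kaspersky's study: the thresholds come from the August 2012 figures quoted above, while the sample User-Agent strings, function names and the `esr-or-obsolete` label are constructed for illustration.

```python
import re
from collections import Counter

# Highest major version the article lists as obsolete (August 2012 data).
# "Obsolete" = everything before the previous version, so previous = max + 1.
OBSOLETE_MAX = {"Firefox": 13, "Chrome": 19, "IE": 7}
ESR_MAJOR = 10  # Firefox ESR 10 still receives security updates

# Checked in order; the first matching token decides the browser.
PATTERNS = [
    ("IE", re.compile(r"MSIE (\d+)")),
    ("Chrome", re.compile(r"Chrome/(\d+)")),
    ("Firefox", re.compile(r"Firefox/(\d+)")),
]

def classify(user_agent):
    """Return (browser, status) for one User-Agent string."""
    for browser, pattern in PATTERNS:
        match = pattern.search(user_agent)
        if not match:
            continue
        major = int(match.group(1))
        limit = OBSOLETE_MAX[browser]
        if browser == "Firefox" and major == ESR_MAJOR:
            # May be ESR (patched) or plain Firefox 10 (obsolete): flag for review.
            return browser, "esr-or-obsolete"
        if major <= limit:
            return browser, "obsolete"
        return browser, "previous" if major == limit + 1 else "latest"
    return "other", "unknown"

def summarize(user_agents):
    """Percentage of each status within each browser's own user base."""
    counts = Counter(classify(ua) for ua in user_agents)
    totals = Counter()
    for (browser, _), n in counts.items():
        totals[browser] += n
    return {key: round(100.0 * n / totals[key[0]], 1) for key, n in counts.items()}

# Constructed sample input, not real log data.
SAMPLE_UAS = [
    "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0",
    "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1",
    "Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20100101 Firefox/9.0",
    "Mozilla/5.0 (Windows NT 6.1; rv:10.0.7) Gecko/20100101 Firefox/10.0.7",
    "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
]

if __name__ == "__main__":
    for key, pct in sorted(summarize(SAMPLE_UAS).items()):
        print(key, pct)
```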

Why Are So Many Firefox Users Lagging Behind? There could be many reasons (e.g. they prefer the older user interface) but a major cause must be the fact that Firefox makes it so easy to disable automatic updates…

  • Chrome provides no option in the user interface to disable automatic updates (it is possible via a registry tweak).
  • IE provides no option in the user interface to disable automatic updates. It receives updates from Windows Update which is set to update automatically by default.
  • Firefox does provide a simple option to disable updates in the user interface – via Tools \ Options \ Advanced \ Update as shown below:

[Screenshot: Mozilla Maintenance Service]

[Screenshot: Firefox Automatic Update options]

Conclusion

Giving users a simple way to disable Firefox updates is a security risk – it may explain why 34% of them are still using an outdated or obsolete version. To improve security, Mozilla should remove this option and reset updates to automatic – power users could probably use a manual workaround whilst users who do not like 6 weekly changes could switch to the ESR version for annual updates.

Are you using the latest version of Firefox – if not, why not? Let us know in the comments.

  3 Responses to “34% Of Firefox Users At Risk From Outdated Browser”

  1. I always keep my browsers up to date in the hope that one day, one of them will be able to play my Streaming Videos, Youtube videos etc without stalling all the time.

    The only browser I have found which plays all videos smoothly is Opera, never a hitch!

    I update all Browsers, Flashplayer etc faithfully when a new release is available but I still cannot get one of my other browsers to play videos smoothly (I have Google Chrome, Firefox and IE 32&64 and I tried WaterFox).

    Unfortunately Opera has a few drawbacks like bad graphics on PDF files, inability to print backgrounds on printouts etc., so I have to revert to the other Browsers for those things which is why I’d like to get a Browser which covers all things.

    I have a 64bit W7 Computer with 4GB RAM so as far as I know – should be no problem however….

    I will keep updating my Browsers in case ‘one day’ ………………………………………….

    • Your specs should be fine Brian so strange that (Flash?) videos don’t work in the other browsers – especially Firefox as it uses the same flash plugin as Opera…

      Assume your broadband speed is good, more than 4mbps (not just that Opera is better at caching)? If so, only one you haven’t tried is Pale Moon 64bit but I suspect you’ll get the same result as Firefox 🙁

  2. some social media (such as russian “odnoklassniki”) replace their headline with huge caption “firefox is outdated…”. if it’s in my comp, it’s all up 2 me ; but there are many people i help solve computer problems. i have 2 make unpleasant choice, either 2 tell them do it themselves (and, after that, have potential problems caused by their possibly incorrect actions), or waste my time 2 go 2 them and do it myself. i tell them to never mind, but they see that caption time and time again, and it annoys them. is there any way i can tell them to simply remove the caption till i visit them and perform the update in the case it’s really necessary ? i usually do know whether the updates are critical…