Mozilla today released Firefox 6, the second edition since it shifted to a rapid-ship cycle that delivers a new version of the browser every six weeks.
The company also patched 10 bugs with the upgrade, and issued an update to 2010's Firefox 3.6 that fixed seven flaws total, six of them different than the ones quashed in Firefox 6.
Today's release of Firefox 6 was the second time in a row that Mozilla met its self-imposed deadline since the debut of a faster shipping schedule in March. Mozilla has historically struggled to ship browser upgrades on time, but is now 2-for-2 after picking up the pace.
There is very little difference between Firefox 6's user interface and that of its immediate predecessor, Firefox 5, or the slightly older Firefox 4.
Under the hood, however, Mozilla has added a new permissions manager that lets advanced users tweak options on a per site basis. The new manager, which can be reached by typing "about:permissions" in the browser's address bar, can be used to modify settings for password capture, cookies, pop-ups and more.
On the security front, Mozilla patched vulnerabilities in both Firefox 3.6 and Firefox 6.
Five of the seven bugs fixed in Firefox 3.6.20 were rated "critical," the company's most serious threat rating; the two exceptions were tagged as "high."
Eight of the 10 bugs quashed in Firefox 6 were also rated critical, with two labeled high.
Because Mozilla now bundles virtually all security patches with each version upgrade, users stuck on Firefox 4 are now running a browser vulnerable to 20 different bugs.
According to Web metrics vendor Net Applications, about 9% of the people using Firefox as of the end of July were running Firefox 4.
One of the critical vulnerabilities patched today was in Firefox's implementation of WebGL, a 3-D rendering standard that both Chrome and Firefox comply with. The bug was reported to Mozilla by a researcher with Context Information Security, a company that has cited serious security issues with WebGL.
Previously, Context recommended that users and administrators disable WebGL in Chrome and Firefox.
Microsoft, whose Internet Explorer (IE) does not support the standard, also jumped on the anti-WebGL bandwagon as it criticized rivals Google and Mozilla for supporting it.
Microsoft, however, did follow past practice by congratulating Mozilla for shipping Firefox 6 and delivering baked goods to its competitor.
"Congrats to Mozilla on shipping Firefox 6!" said Ari Bixhorn, director of IE, on Twitter today. He included a link to a photo of a cupcake Microsoft sent to Mozilla.
Microsoft again tweaked Mozilla for another rapid-release upgrade by sending a cupcake. (Image: Flickr.)
Microsoft switched to cupcakes when Mozilla went to its six-week schedule; earlier, when Mozilla shipped a new version every year or so, Microsoft sent cakes.
Mozilla outlined the vulnerabilities patched in Firefox 3.6 and Firefox 6 in a pair of security advisories that took a different form than has been the company's custom. Rather than publish an advisory for each vulnerability, today Mozilla bundled each editions' collection in one easily digestible document.
As does Google with Chrome bugs, Mozilla locks its Bugzilla change- and bug-tracking database for just-patched problems, preventing the general public -- and presumably hackers -- from gleaning information.
Firefox 6 can also be downloaded manually from Mozilla's site. People running Firefox 4 or Firefox 5 will be offered the upgrade to through the browser's update mechanism, which is triggered when the "About Firefox" dialog is opened.
The next version of Firefox is currently scheduled release on Sept 27.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about browsers in Computerworld's Browsers Topic Center.