Silent auto-patching coming in Firefox 13

The silent auto-updater means that startup and shutdown of the open-source web browser won't be affected by installation routines. It will also ensure a wider distribution of security fixes.
Written by Ryan Naraine, Contributor

Mozilla plans to add a silent automatic patching utility into Firefox 13 as part of a plan to "cater to update fatigue."

Firefox currently offers an automatic updater but the process is not silent and requires that the end user click to apply the patch after it's downloaded.

With the silent updater, Firefox security patches will be downloaded and installed silently in the background.

"It means that startup and shutdown of the web browser won’t be affected by installation routines," says Robert Nyman, a technical evangelist at Mozilla.

Additionally, the "What’s New" page displayed after an update can now be displayed depending if there is important information needed to be displayed to the end user, Nyman added.

Computerword's Gregg Keizer reports that Firefox 13 is due in June 2012.  Mozilla currently ships Firefox updates on a six-week cycle.

Google has fitted a silent auto-updater into the Chrome browser and there is word Adobe will do the same for its Flash Player software.

[ SEE: Study: Silent patching best for securing browsers ]

For years, security practitioners have argued against silent patching, warning that end users should know — and consent to — what’s being changed on the machine but, according to a study conducted jointly by Google Switzerland and Swiss Federal Institute of Technology, the silent updaters in browsers enhance security:

With silent updates, the user does not have to care about updates and system maintenance and the system stays most secure at any time. We think this is a reasonable default for most Internet users. Further more, silent updates are already well accepted for Internet Web applications.

…Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version. However, there is still room for improvement as we found. Google Chrome’s advantageous silent update mechanism has been open sourced in April 2009. We recommend any software vendor to seriously consider deploying silent updates as this benefits both the vendor and the user, especially for widely used attack-exposed applications like Web browsers and browser plug-ins.


  • Adobe working on new automatic (silent) updater
  • Firefox 6 patches 10 dangerous security holes
  • Mozilla knew of Pwn2Own bug before CanSecWest
  • Researchers hack into newest Firefox with zero-day flaw
  • Editorial standards