Firefox Hotfix: There are small issues that can occasionally affect Firefox users after a release. Correcting those small issues should not require a full Firefox update. With a new hotfix system, Mozilla can patch minor issues in Firefox without requiring a browser restart.
Interesting, they don't seem to do live patching, but leverage the addon system to do small updates until a browser restart is performed. This wouldn't be able to fix issues at the core of the browser, but it would still be able to do a lot.
Silent Update: The Firefox update process will be moved to the background and Windows admin passwords and/or UAC prompts will be removed. Also, users with the rare incompatible extension will have a gentler upgrade process.
Do you think this is a good idea for Windows updates for the big public? If not, how is Firefox different?
Firefox installers are signed (and so are updates), so I don't see any security issues here. On the contrary, removing the need for people to approve all those useless UAC prompts makes it more likely they will actually look at the next one to pop up and see if it is legit.
On the one hand, it's basically an enormous usability win. I don't want to manually manage all of my security updates.
On the other it's a little hard to let go of the fact that I no longer control all of the software on my own diskspace - even if, admittedly, that has been an illusion for many years now.
Is there an issue with mitm attacks at hostile wifi points of access? Dns pointing to a bunk certificate authority maybe? I am not fully versed on this though so I don't know how possible this attack is.
The update payload itself is signed with a private key controlled directly by Mozilla, to avoid vulnerability to CA compromises [1]. The connection to the update server performs additional checks to ensure not only that the SSL certificate is valid, but that it matches one of a small list of known certs or issuers, so that a fraudulent CA can't hijack the connection with a forged certificate [2][3].
(As a side note, the fact that this is necessary points out some of the major risks in the current CA system, which will hopefully be addressed in whatever eventually replaces it...)
Even if possible, all of those would be independent on whether updates install silently or not - they have always been downloaded in the background automatically.
This is great.