It is a well known fact that users who are running out of date versions of software are at risk to a variety of security attacks. Firefox is no exception. Not only are out of date users at risk to a whole host of known security issues, they are not experiencing the best the web has to offer in terms of modern web technologies, web developer tools, stability and performance.
Unfortunately, not all users are automatically updating. The User Advocacy team noticed that each time we release a new version of Firefox, around 2% of our users get stuck on that version and never update.
(Photo Sourced from ArsTechnica and NetMarketshare)
While Firefox does allow user choice in deciding if they want to keep up to date automatically, install updates manually, or disable them entirely, the vast majority of our users leave updates enabled. In a survey ran last year of users on out of date versions of Firefox, just under 70 percent of users surveyed not only wanted to be kept up to date automatically, but thought they were already on the latest version. Obviously, something was going on and these users weren’t updating automatically like they should have been.
After running this survey in Q2 of 2013, the User Advocacy team sat down with various stakeholders throughout the organization such as Robert Strong, who owns the Firefox Updater mechanism, Benjamin Smedberg, various members of the Metrics team, and others. Between us, we formed the idea to give out of date users a hotfix that bypasses the built in updater and downloads a fresh installer of the most recent version of Firefox, assuming that they’re on a new enough version to support Firefox’s Hotfix system (Firefox 10 and up). Thus was born Bug 928173. This hotfix was completed and released to users on July 16.
Some items of note about the Update Hotfix:
- It is currently Windows only, and will only operate on Non-ESR versions of Firefox 10 and above (We will continue to expand the audience that can receive this hotfix in the future)
- It will only attempt to run on a Firefox profile that has updates enabled (we want to respect user sovereignty)
- If a user fails to allow the UAC prompt the hotfix will display a prompt to the user until they install the update. We expect to see the downward trend of out of date users continue for some time as users allow the update to happen.
- We’ve found a few bugs in this hotfix, and will be investigating a v2 to fix them.
- Due to a bug in our data collection, we lost the first 24 hours of hotfix deployment numbers. This is unfortunate as we suspect the majority of activity happened in the initial 24 hours. We will try to estimate these numbers with other data.
Hotfix Deployment Results:
As of July 28, well over 8.4 million users have installed the Add-on Hotfix (Note, this is missing the first 24 hours of data, so the number is probably significantly over 8 million). Of the users who have installed the add-on, over 4.3 million have actually updated (again, likely more). Of the remaining users, the majority didn’t allow Firefox to update when the User Account Control (UAC) prompt appeared, and so they will receive a notification asking to update Firefox until they end up installing the update. There are a few bugs we’ve found in the hotfix (more on that later), but we believe the vast majority of installs are proceeding smoothly.
For users experiencing trouble with the hotfix, we direct them to the SUMO website. We have a special article written just for users who are having a hard time updating. Prior to the hotfix, this article was receiving a few hundred users a day (it receives more on a week where we release a new version of Firefox, but that was several weeks before this hotfix went live). The graph below represents page views after releasing the hotfix:
In just 24 hours, we went from around 400 visitors a day to nearly 600,000 users in one day!
Missing Users and Total Impact:
Using our numbers of all users who installed this add-on, and visited the SUMO site, we can estimate that somewhere in the area of 11.5 million users have installed this hotfix so far, with around 6 million updates installed! Since were were so restrictive in how we deployed this hotfix, we will be able to use these numbers going forward to better estimate our out of date population and how to help those users.
We are extremely happy with the results of the Hotfix so far, but there is still work to be done. Work on V2 of the hotfix, is already underway and will fix some of the bugs we’ve discovered in the current hotfix:
- Possibly Adding Support for Mac
- Improving Data collection
- Resolving issues installing on Windows XP
- Other fixes
Please stay tuned for future updates. If you do have other questions feel free to reach out to the User Advocacy team or any of the stakeholders above.