Without wishing to over-simplify: is it reasonable to assume that advisories are simply published when appropriate?
Or is there, internally within Mozilla, a notional frequency, e.g. monthly publication, with (understandable) variations from that frequency when appropriate?
Just curious. And I’m probably not explaining myself well … sorry!
I thought you articulated your question extremely well, @grahamperrin; however, I wouldn’t take it personally—and certainly wouldn’t be surprised—if a thorough, authoritative answer never shows up.
That’s simply due to the impetus we all know that’s placed upon security due to the vital role it plays in both browser development and continuity. In terms of overall interest and the ensuing traffic the reports receive, I don’t feel I’m speaking out of turn by assuming the metrics must be quite low. The MFSAs are most likely posted with only a niche audience in mind and for transparency/documentation purposes.
The question still has merit, no doubt about that; check out (and maybe even get involved with) Bugzilla if you haven’t already. That is, if this subject matter is something you’re interested in beyond mere curiosity.
Kudos for taking the initiative and asking, though!
… Firefox is released at intervals of four to five weeks (not counting urgent patch updates), meaning that every four to five weeks there will be a new version of Firefox Release. …