Firefox is the default and only supported web browser in Red Hat Enterprise Linux.
The following overview also applies to Thunderbird.
Mozilla ships Firefox and Thunderbird in two different streams with different use cases.
Newer versions are released every 4 weeks, constantly introducing new features, ideal for home users and progressive web applications developers. This is the release stream which is available within the Fedora Project.
Firefox Extended Support Release (ESR)
A new version is released once a year, during the year Mozilla provides security and bug fixing releases every 4 weeks. It provides a stable and predictable platform for enterprise web applications. This longer-lived release stream is available within the supported Red Hat Enterprise Linux releases.
A new major version of Firefox ESR is released roughly once a year and gets security/bug fix releases every 4 weeks. Mozilla releases updates of the previous ESR for another 3 months to give organizations time to upgrade to the latest ESR. That's also a window for us to rebase Firefox in all versions of Red Hat Enterprise Linux.
Closely following upstream
There are two primary reasons for the Red Hat Enterprise Linux distribution using the upstream ESR release as opposed to the faster-moving Standard Firefox release:
- Security. A web browser is a very security-sensitive component and the volume of CVEs is really high (as many as 17 critical or important CVEs fixed in one update). Backporting security fixes to older versions within our SLA deadlines is impossible with the resources we have.
- Compatibility. Development of web technologies is dynamic, the ESR release balances the need to support next-generation as well as much older web applications.
The upstream Firefox ESR release schedule is publicly available on https://wiki.mozilla.org/Release_Management/Calendar.
Firefox relies on other components that need to be taken into account while preparing a rebase plan.
Network Security Services (NSS)
New Firefox requires a new version of NSS ESR that is typically released upstream roughly 2 months before the Firefox release. Firefox is currently using the system NSS for security and certification reasons. So a rebase of Firefox always requires a rebase of NSS that needs to be done by the Platform Security team.
Typically on older RHELs the version of GCC required by Firefox is significantly newer than the base distribution. As a result, the version of GCC provided by the Developer Toolset program, also known as gcc-toolset within the AppStream repository, is used..
Similarly, the Rust toolchain from the Developer Toolset program, also available as a module within the AppStream repository, is updated to the latest version when a major ESR rebase is ongoing.
Firefox requires GTK 3, which is not available in Red Hat Enterprise Linux 6. It is currently bundled with Firefox, Thunderbird, and Chromium.
Firefox requires newer NodeJS as part of the build process. This is also bundled along with the Firefox ESR release for Red Hat Enterprise Linux.
ESR gets regular upstream security and bug fixing updates every 4 weeks with asynchronous releases for important CVEs. In general, upstream updates include critical and important CVE fixes. A 5-work-day deadline is imposed, according to internal SLA with every Firefox update.
Mozilla provides Red Hat Development Engineering with the source code and advisories just a few days before they are made public, Once this content is made available, the changes are evaluated, applied, tested, and shipped asynchronously as soon as possible.