Firefox 16 Pulled To Address Security Vulnerability
Shortly after the release of the newest major version of Firefox, an anonymous reader writes with word that "Mozilla has removed Firefox 16 from its installer page due to security vulnerabilities that, if exploited, could allow 'a malicious site to potentially determine which websites users have visited' ... one temporary work-around, until a fix is released, is to downgrade to 15.0.1"
Firefox *16*!? (Score:2, Funny)
Wow, I'm still using FF 3.6.12. I must have fallen into a time warp bubble... What year is this?
Re:Firefox *16*!? (Score:5, Funny)
Finally Firefox got legal in my state.
Re:Firefox *16*!? (Score:4, Insightful)
And they seem to have celebrated by screwing it.
Re: (Score:1)
Re: (Score:1)
Re:Firefox *16*!? (Score:5, Insightful)
It's simply replicating Chrome's numbering scheme. The idea that a higher version number is a better product is still ingrained in people's heads for some reason.
As part of the process. Large features get to be rolled out when they are ready, rather than waiting for a release every one to two years, or even delaying those releases if they are not.
Re: (Score:2)
Re:Firefox *16*!? (Score:4, Insightful)
Fortunately, Firefox is well on its way to helping destroy that idea.
Re: (Score:3, Insightful)
Their numbering scheme makes it look like they're not fixing anything, just releasing on a whim. Then this...
Re:Firefox *16*!? (Score:5, Informative)
Their numbering scheme makes it look like they're not fixing anything, just releasing on a whim. Then this...
The delayed release contains a new Developer Command Line, unprefixes a number of stable features including: CSS3 Animations, Transitions, Transforms, Image Values, IndexedDB and Values and Units. Firefox also unprefixes Battery API and Vibration API, two Web APIs. [Mac users will find that preliminary support for the VoiceOver screen reader]
It also has fixes for numerous critical vulnerabilities. Holes associated with a full 14 security advisories were closed in the new Firefox 16, in fact, 11 of them rated “critical.” [memory corruption and memory safety hazards, a buffer overflow bug, and a spoofing and script-injection flaw]
That sounds like more than enough to justify a release. The fact that they have pulled its release for security reasons seems pretty sensible to me.
Re: (Score:1)
Javascript Frameworks for Javascript
I think you know what I want to say, here...
Re:Firefox *16*!? (Score:4, Interesting)
So, either you've been offline for longer than usual, or are trolling mozilla.
If he were trolling Mozilla he would have said "here's the patch!" and linked the IE download page. Um, did the IE vuln get fixed yet? Opera is looking better and better!
Re:Firefox *16*!? (Score:5, Funny)
If he were trolling Mozilla he would have said "here's the patch!" and linked the IE download page. Um, did the IE vuln get fixed yet? Opera is looking better and better!
You can prise Mosaic from my cold, dead, Compaq Presario PC with 200MB hard drive and Pentium MMX CPU!
Re: (Score:2)
Re: (Score:2)
Opera is looking better and better!
But Opera is only on version 12.02!
Re: (Score:1)
So, either you've been offline for longer than usual, or are trolling mozilla.
If he were trolling Mozilla he would have said "here's the patch!" and linked the IE download page. Um, did the IE vuln get fixed yet? Opera is looking better and better!
Yep, within 24 hours. IE may have a much slower release schedule and be behind in some areas, but it is not IE 6 anymore. It is an ok browser and certainly usable after IE 9, and IE 10 is very competitive to Chrome and FF, believe it or not. Since MS takes security seriously they have improved it and have a security response team similar to Google's and Symantec's.
You can hate Windows still but I do give them an applause; they have been very active shutting down malware networks.
Re:Firefox *16*!? (Score:5, Insightful)
Re: (Score:1)
Obviously people have an issue with this because it's not just a number.
Re: (Score:3)
Re: (Score:1)
Never, ever, did I hear these fossils complain about the version numbering of the web browser of their darling ad broker.
Firefox does it, bang, default complaints with every release.
Re:Firefox *16*!? (Score:5, Insightful)
Re: (Score:3)
Firefox Extended Service Release (ESR) is available for those who require consistency in the UI for a longer term.
http://www.mozilla.org/en-US/firefox/organizations/.
Major version releases are only every 12 months. There is a minor patch release every six weeks which coincides with "normal" Firefox version updates. All security patches are deployed to both release channels, but feature enhancements are not deployed to the ESR channel between major version releases.
Re: (Score:2)
Is there some reason this isn't the "default" distribution of it then? Nobody but QA testers and gentoo fans should be using the other one.
Re: (Score:2)
Then use the ESR and be happy. It's been a few years now since developers reliably used the major.minor.sub-minor versioning.
Re: (Score:2)
It's more than just decimal points (Score:2)
Why is it 'mad'? I don't understand why people have such issues with this. It's just a damn number. If it really irks you so much just add a decimal point to the start of it in your head and move on.
It's not just a damn number. By convention in typical software versioning, version X.Y.Z means:
- X: major version number
- Y: minor version number
- Z: bug fix version number
Taking a house analogy:
- The major version number is akin to the building itself; it's the overall architecture. You bump this when you basically tear part or all of the whole thing down and rebuild it on more solid foundations.
- The minor version number is akin to the interior floor plan, plumbing, cabling, etc.; it's the API. You bump t
Re:It's more than just decimal points (Score:4, Insightful)
That argument completely falls apart, however, when you consider the system admin or the advanced user who ends up asking himself whether he should upgrade a non-conforming piece of software on a computer or not.
If you're making this decision based on the version number alone, you're doing it wrong.
Re: (Score:2)
When you have several options of more or less equal merit, the version numbering scheme is a perfectly valid deciding factor.
Re: (Score:2)
Re: (Score:2)
Why? If the decision is closely matched enough to be arbitrary, why are arbitrary deciding factors not appropriate?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Interesting)
Please, enough with those old jokes. Firefox is buggy and slow enough to create new ones.
Re:Firefox *16*!? (Score:5, Funny)
Wow, I'm still using FF 3.6.12. I must have fallen into a time warp bubble... What year is this?
Don't worry, Mozilla switched from miles to meters. It's only three weeks ago. Expect FF 238 around Christmas.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
The newest version of Firefox glows an eerie blue due to the Cherenkov Radiation emitted as the electrons making up its version number accelerate faster than the speed of light can travel in the OS medium it's suspended in.
Re: (Score:2)
That update was so bad it gave me cancer!
Re: (Score:2)
Don't worry, they dropped the 3.7 from the version... just imagine that it's version 3.7.16 :)
Re: (Score:2)
Is 3.6.28 bugged for you? It's the last release of the 3.6 "not chromefox" family.
Re: (Score:1)
Re: (Score:2)
To FF10, since that's the stable version that upcoming distributions will ship. The glorified trunk snapshots you hear so much about are not supported (beyond "pull the newest snapshot"), so have no place on serious non-dev machines.
Re: (Score:2)
The trunk snapshots have a name, Aurora.
They've moved to Chrome's dev model, which as an end user is awesome (especially now that their autoupdater actually WORKS). Bugs get fixed faster, and I don't have to wait 6-12 months for them to add a feature that everyone's been clamoring for for months (as back in the 1.0, 1.5 etc days).
Re: (Score:1)
Yeah it works so awesome that now people need to know to downgrade because they too rapidly released a product with a huge security hole.
Re: (Score:2)
What makes you think that couldn't happen on a slow release schedule? The bug wasn't discovered until it hit the general user population. Whether that took 4 months or 4 days doesn't matter.
Re: (Score:2)
The stack of bugs is smaller because the release is smaller. That's the whole point.
Re: (Score:2)
3.6 is to modern versions of Firefox as IE6 is to...well, a better version of IE that has yet to be released.
I'm not sure if you're being sarcastic or not. IE6 is very much kill it with fire, the fact that Microsoft has limited the update to XP of IE is a disgrace. As a user of Firefox I would argue strongly that 15 is head and shoulders above 3.6 whatever the version number a browser released January 2010 well over 2 years ago.
Darn it Mozilla (Score:1)
Well, guess that serves me right for being on the Firefox beta channel. I honestly don't even remember how long I've been using the FF16 beta. TFA didn't mention if beta users are affected, but I'm going to assume that we are.
Not so smart (Score:5, Interesting)
Re: (Score:2)
Yeah, I was thinking "We're all going to die!" How is this considered that major of a bug? I guess maybe they can get the session ID in a GET request and get to your banking website?
Re: (Score:3, Informative)
As I understand it, sites can access stored URLs and URL parameters. An obvious example of a URL you wouldn't want exposed would be ftp://username:password@someserver.foo.
Re: (Score:1)
Re: (Score:2)
Sweet time? It was fixed yesterday, hours after it was discovered; builds should be coming out today.
Re: (Score:3, Informative)
16.0.1 is now out.
https://www.mozilla.org/en-US/firefox/all.html [mozilla.org]
Re: (Score:2)
When the decision to pull was made, the schedule for 16.0.1 was already known.
Re: (Score:2)
Surely the solution is to disable history or browse in Privacy mode, rather than downgrade and risk exposure to those 21 important security issues present in version 15.
Oh well (Score:4, Insightful)
No auto-downgrade?! (Score:1)
Why don't they issue an 'update' that downgrades me back to 15.0.1 then? They can even rename it 16.1 or whatever to keep the auto-update happy with a version number increment.
I got upgraded yesterday, do I have to manually downgrade myself - seems ridiculous.
Sad but expected (Score:3, Insightful)
Considering all the stuff "16" was supposed to have fixed, recommending a rollback over this sounds completely incompetent. And therefore expected.
Remember, these are the same geniuses that decided to start rolling the version number every time someone fixes a typo a few months ago, and thus calling the current version (what is it really, 5.3 or so?) 16. And it isn't truly new either, take a look at this old bug for example: https://bugzilla.mozilla.org/show_bug.cgi?id=78414 [mozilla.org]
Been sitting there well over 10 years now. Not one serious attempt to fix it. How many new features that no one wanted and random gui changes to confuse users have they managed to implement in that time period?
So yeah, no surprise here. Please, someone, make a browser that doesn't suck.
Re: (Score:1)
Maybe you'd like SeaMonkey or Opera.
Re: (Score:1, Funny)
Oh, they already did that. It's called Firefox 2.0.0.20.
Open-source programmers famously don't like to re-invent the wheel, so naturally since making a browser that doesn't suck has already been done, it's now a solved problem and therefore no longer interesting to work on.
The community has therefore moved on to newer and better things, like combining related toolbar buttons into one (back/forward), unnecessarily changing how user data (such as bookmark
Re: (Score:2)
So yeah, no surprise here. Please, someone, make a browser that doesn't suck.
True. As a web developer I like HTML5 and CSS3 but it's interesting how browser engines are often still lacking in fairly basic things. For instance, WebKit apparently can't handle hover states on pseudo-elements properly [webkit.org].
Perhaps the browser/engine devs should spend some time on making sure that the existing functionality works well before trying to one-up each other in who supports the latest first-draft CSS feature. Then again that's not how competition works so I guess I'll be looking forward to CSS5 A
Re: (Score:2)
Webkit dominates the mobile web market already. Android uses webkit by default, as does iOS. And Blackberry's new browser is webkit based.
The only mobile OS to come with a non-webkit browser is Windows Phone.
Short of installing Firefox or Opera, webkit pr
Re: (Score:2)
Of course there are still plenty of WebKit-specific things that pop up all over the web because the web development community seems to have a massive WebKit fetish. (I admit that WebKit is fast and has nice dev tools but I think it's kind of quirky and temperamental compared to Gecko.) Essentially WebKit is turning into IE6 because
Re: (Score:2)
Re: (Score:2)
If your gizmo really needs reserved keystrokes like that, then you should think about making it a separate app, not running it inside a browser!
The browser global keystrokes only serve their purpose when they are globally available and always work. This is absolutely fundamental. Shortcut keys that only work in certain tabs, not in others, depending on what is loaded, is fundamental interface breakage. Shortcut keys that do one thing in one tab but something else entirely in another is even worse.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Please, someone, make a browser that doesn't suck.
Try Seamonkey's browser [seamonkey-project.org].
Re: (Score:2)
This is a really hilarious suggestion. Not that I am saying I won't try it, but... let's remember here. Back a long time ago, it was Netscape Navigator that we all adopted because it sucked less than Mosaic. Then it became this whole huge crufty Netscape suite, with a bunch of extra stuff most of us didn't want or use (including a particularly awful mail client.) People slowly quit using Netscape, moving to IE (blech) or Opera in worrying numbers. Netscape became Mozilla, and this Netscape Suite became, if I
Re: (Score:2)
google-chrome-stable-22.0.1229.92-159988.x86_64.rpm (43 MB) - 8th Oct 2012
google-chrome-stable-22.0.1229.94-161065.x86_64.rpm (43MB) - Today
To be fair I also got two kernel rel
Re: (Score:2)
I guess I overstated, I don't expect a program that doesn't suck. Just one that sucks less. That's all I ask for, a little slack.
They suck when they get in your way with awkward interfaces or change for the sake of change. They suck when they encourage a generation of truly awful web designers and even infect HTML itself with suckage. They suck when they hand control of your machine out to any random web page they happen to get directed to. They suck when they insult your intelligence with idiotic schemes pre
Re: (Score:1)
Re: (Score:2)
Maybe it should have higher priority, but come on, job #1?
Re: (Score:2)
Perhaps a slight exaggeration, but with the amount of time we are talking about, and so much work done on NEW UI stuff over that time, it's insane that major UI breakage has been ignored and left to fester the entire time. Fixing what is broken should be obviously and undeniably higher priority than adding new features. How many new features has firefox added in just the last ten years? Yet the paid developers can't be bothered to fix the fundamentals of the system, and actually suggest that the users shoul
Re: (Score:2)
Yeah, I generally agree with you. I suppose, to be fair, I should admit that one could say that I just want them to fix the bugs that are important to me. But some of the ones that are neglected do seem much more important than yet another minor UI change, or WebGL, or another fancy web site/logo redesign. Yeah, yeah, not everyone can do the Firefox coding, but money can be put toward anything.
The problem, I think, is that browsers are now far too complex to be effectively maintained as a community projec
Re: (Score:2)
I
Already? (Score:2)
Re: (Score:1)
> possible that version 16 is released when 15 is only at 15.0.1?
Apparently you've *heard* of the new speedy release scheme but don't actually _know_ about it.
Point releases are no longer planned in to the release schedule. After 15.0.1, the next planned, scheduled release would be 16.0, and after that 17.0 then 18.0. That's the whole point of the new speedy release scheme: every planned release, no matter how minor, gets a new major version
Re: (Score:1)
Except... this new light-speed release cycle has already proven to create several duds, leading to an official release and then a near-immediate (or in this case, immediate) bugfix "point" release. So it's obviously not working too well. But don't tell Mozilla that, it might just make Asa cry. I've said it before and I'll say it again, I can't say it enough... Mozilla's rapid-release idea is a fucking joke.
The reality is that this should be something more like 4.5.12 or something... not version 16.
Re: (Score:2)
Soon new versions of Firefox will start installing themselves in user-writable locations in each user account separately by default, just to make sure all network administrators hate it with a fiery passion.
Actually that would make our lives easier. So they won't do that. I think if the Firefox devs really cared what us administrators thought they'd have provided centralised Group Policy configuration back when we asked for it - ten years or so ago - instead of making us edit custom .js files and manually ship them to the workstations. But still, they haven't completely forgotten us; they keep the old Netscape Communicator era "profile" system with randomised path name, which nobody ever uses and which breaks
Gee I wonder how this will go (Score:3)
Of course the fast upgrade cycle has a downside, it's only a matter of time before Mozilla would let its users down with this newfangled upgrade methodology they've subscribed to.
If you're going to have a quick and seamless way to upgrade, you better have a quick and seamless way of downgrading too!
Re: (Score:2)
Re: (Score:2)
Pointless pull (Score:1)
Re: (Score:1)
In slightly related news 10hrs chrome patch (Score:5, Informative)
http://news.slashdot.org/story/12/10/10/2113239/in-under-10-hours-google-patches-chrome-to-plug-hole-found-at-its-pwnium-event [slashdot.org]
Firefox 10 ESR(Extended Support Release) (Score:1)
Re: (Score:2)
I use FF 10 ESR personally and I install it on the work computers. In general I'm happy with it and my users are happy with the web browser interface not changing every month and a half, but I have run across one annoying issue. Many web developers have a policy of only supporting browsers 2 or 3 versions older than what is current. Developers in the know should certainly make an exception for Firefox ESR, but I have had a few web sites admonish me for running an outdated browser.
Wasn't on the beta channel first (Score:3)
I was subscribed to the Firefox beta channel, since I develop add-ons for Firefox. When Firefox 16 came out on the release channel, the beta channel was still delivering Firefox 15.0. Apparently somebody skipped the beta test.
Already fixed (Score:5, Informative)
16.0.1 was already released. Release notes here [mozilla.org].
Re: (Score:2)
Add-on locked. I stayed on 3.6 though, chrome's interface is intolerable for me. So I just run it sandboxed now.
Re: (Score:2)
It has the same problems as any post-3.6 does. The only problem it removes is constant add-on compatibility headaches. The rest is still a turd.
Re: (Score:2)
If you want to spend significant effort owning my browser, go ahead. I dump contents of sandbox it sits in on a regular basis.
Not to mention I have sane banking and billing. Even if you get me keylogged, you're not getting into my account. Never mind that I haven't had a security breach ever since I got form.A virus back in floppy days. Security is not only about holes, but about safe practices as well. And I play things like WoW and GW2, where people with all those nice shiny browsers get "hacked" left and
Re: (Score:2)
I agree on slowness, it's a bit laggy on my cheap personal laptop as I use it with a lot of tabs open. But it's a small price to pay to not have to suffer from chrome's interface with all its usability-butchering small screen optimizations on my dual 24" monitor setup as well as never having to worry about key add-ons, such as mission critical (for me) Finnish spellchecking break on update with no recourse but rollback.
Essentially, unless someone mods entire 3.6 UI back, including a functional status bar an
Re: (Score:1)
Yeah because W3Schools is totally a realistic sampling of the general population. On the other hand Wikimedia's stats peg it as under 20% [wikipedia.org].
Re: (Score:2)
You do know that's just a graph of the browser types that visit wikipedia?
Re: (Score:2)
And as you know (and can already see on that page) the graphs vary widely between these "providers".
The graph at the top shows visitors to Wikipedia yes.
The graphs from statcounter count pageviews, the graphs from netmarketshare count by visitors (maybe even IP-address).
Which means statcounter is skewed for heavy Internet users (users which do many page views will skew the results in their 'favor'). Heavy users of the web will probably use a newer browser.
But the netmarketshare numbers are also deliberately b
Re: (Score:1)
Bear in mind, those are stats from a site visited almost exclusively by web content developers, most of whom are fairly active on the computer, use it a lot, and are less averse to upgrades than average. It's not an entirely representative sample of the internet at large. Out-of-the-box defaults, such as what comes on a computer when you buy it at the store, would naturally be expected to be significantly underrepresented in such a sample. Newer br
Re: (Score:2)
For what it's worth, according to Netmarketshare, http://www.netmarketshare.com/browser-market-share.aspx?qprid=1&qpcustomb=0 [netmarketshare.com], Chrome on the desktop has not been gaining ground since early 2012. It's hovering at around 19%. IE is holding steady as well at around 53-54%, with Firefox staying at about 20%. Judging by the trend lines, I'd say that for the desktop markets these shares are entrenched. I don't expect to see much change unless FF, IE, or Chrome does a major screw up to drive people off the