Mozilla isn't planning on releasing regular security updates for Firefox 4 (unless there's a really critical hole discovered). Instead, the non-profit organization wants its users to simply move to Firefox 5. This isn't a bad thing, but it is a bit confusing for Firefox users who are used to security-specific updates.
Firefox 4, the browser Mozilla shipped in March 2011, has reached End Of Life (EOL) status for vulnerability patches. Although the move may come as a surprise to Firefox users, Mozilla's developers have been toying with the idea to stop supporting Firefox 4 with security updates for weeks. Asa Dotzler, Mozilla's director of community development, recently summarized the situation in a post on the mozilla.dev.planning mailing list:
That being said, there already has been a 4.0.x release and there may be another if a critical security issue arises that requires a "chemspill" unplanned emergency fix. But that would be an *unplanned* emergency release and not a planned one. The planned security update for Firefox 4 is Firefox 5.
This means Firefox 4.0.1, released in April 2011 to fix eight flaws, will be the one and only security update for Firefox 4. Again, this could change if a very serious vulnerability is discovered, but right now it looks like Mozilla is going to simply working hard to push its users to the next major version of Firefox, even if all they want is a security patch.
This shift in security strategy stems from a bigger change as Mozilla switches to a rapid release development cycle that means new versions come more frequently. The company has promised to push out a new stable build every six weeks. Firefox 6 is thus slated for an August release. It remains to be seen if this new system can help Firefox regain its lost market share, but Mozilla hopes it helps its browser's security.