
While many people may be bemoaning the choice of Mozilla to update without consent, I suggest looking at it from a different perspective...

Many browser updates are largely brought about due to a few things, but security is generally a large matter when these upgrades get pushed. Yes, you may have kept a certain version for a reason (you don't want to change, you like the way it looks, etc), but let's focus on the other side of this with a short analogy. Say you go out and buy a new fire alarm and install it at your house. The fire alarm is there to help protect you from dying in a fire. Later, the manufacturing company realizes there are some minor design flaws which put you at risk of, well, dying in a fire. Most would argue that it is not only the duty and obligation of the company to replace (or upgrade) the alarm, but that it may even be right to legally mandate that they do. If the company came to you and said that there were some major flaws and they wanted to upgrade you, I doubt anyone would whine that they like the way the current model looks and want to pass.

However, when a browser does it, everyone bitches about it. The updates are there for many reasons, not just security. Generally speaking, however, browser updates not only benefit your own security, but also help make the web a better place for everyone, whether it be by better standards adherence, improved usability tools, or who knows what else.

One of the big reasons that this becomes a problem is that people dislike change, but on a larger scale, they dislike change of something they don't understand. Browsers, computers, the web, etc are very abstracted away from people to a point that most don't know anything about the way the tools they use on a daily basis work. When those tools change, it appears like some corporate robot is changing it to hurt them because they don't understand the reasons these things NEED to be updated. There isn't enough transparency on WHY the changes happen (there are in the changelogs, but try to get your mother to read or understand that) and understanding of the base layers and it makes it very hard for people to understand.

I think one step forward here is to present users with a layman's explanation on why they need to update their browser. Telling them "We need to update your browser because we've discovered a potential problem where someone could possibly steal your credit card number while making purchases" is a lot more straightforward than this: http://www.mozilla.org/en-US/firefox/13.0.1/releasenotes/



Your analogy is flawed.

To make it complete, the fictional fire alarm company would not come to you at all. While at your house originally installing the fire alarm, they would grab the key to your house from where it hangs by the door, make a copy (without your knowledge), then hang it back on the wall. Later, when the defect in the alarm was discovered, they would use that copy of the key to let themselves in to your house while you were at work. Then they would replace the fire alarm without your consent or your knowledge of them doing so (well, of course, until you returned from work and figured out what happened when you were gone -- assuming that you noticed the new alarm).

I don't have a problem with companies and other development organizations updating their software. In fact, I encourage them to do so (especially in the case of security issues). However, I do have a problem with said companies/organizations making such updates without first informing me that they are doing so, and getting my consent to do so before performing the update.

It's not your computer. It's my computer. I paid for it. I get to control it. Period. If I am subject to security vulnerabilities because of the browser version I'm using, that is my responsibility.

I detest software where automatic updates are turned on by default, without ever presenting the user the option of turning them off (without having to go hunt down said option after the program is installed). Automatic updates have ramifications. They can screw up working installations. I get tired of having to go and disable automatic updates from applications, browsers, java runtimes (and that stupid Java system tray icon in Windows).

I'm not against being able to turn on automatic updates. There are plenty of users who don't want to fool with it, and that's their business. I just think users should be given the choice up front. We shouldn't have to go looking for it after installation. I am still mildly irritated by having an option for automatic updates being checked on by default at installation time, but I could live with that irritation if all applications were explicitly giving users the option then. However, the trend of late seems to be updates turned on automatically, without even informing the user that there are automatic updates.

I like to know when software is being installed on my computer. I want to be asked before it is installed.


Understandable... One other thing to keep in mind also is that you're using free software when it comes to Firefox. If someone wants to give me something for free with the requirement that it automatically updates to both keep me secure and push the web forward, I'm all for it. Given that the majority of users don't know what the hell they're even using, I think it makes sense to turn on auto updates for the average user, while the power users like us dig deeper to turn it off.

edit: also, to nitpick your analogy amendment of my fictional alarm company copying a key without your knowledge, I don't think opening software and having it "fix itself" automatically is anything akin to having a person steal a key to your house and enter it without your knowledge... However, I do agree my analogy was a bit flawed and that the reality is somewhere in between both of our views.


I figured the "yeah but it's free software" thing would be part of the comeback. My response is that Firefox being free is completely irrelevant to my point. I'm the owner of the computer. You should never install anything on my computer without my consent. And yes, I think it is bad for you to do that with an average user also. I, as a user, downloaded Firefox 3.x (or whatever version) and installed it. I expect Firefox 3.x to be the one that is running after I install it. I don't have a problem with the installation program putting up a dialog that says "We'd like to keep this software up to date. May we turn on automatic updates for this software? (yes/no)". As I said in my previous post, I can even begrudgingly live with the "Yes" option being checked by default. To me, it is the fact that all of this is done by default without ever asking me about it that is bad bad bad. The user should be told. A simple explanation is not difficult, and most users who would go to the trouble of installing something should be able to understand a reasonably well-written explanation. And even if only 40% of them do, it is still better that the option be given. If they don't want to be bothered with it, they are most likely going to just take the defaults anyway.

As to the nitpick about the analogy -- of course it isn't the same level of severity. It's an analogy. Installing a fire alarm system can't be compared to installing Firefox on my computer either. One takes hours, the other takes only minutes. I wasn't trying to say that breaking and entering was equivalent to covertly installing program updates without user consent. I was merely trying to complete the analogy (perhaps remote wireless fire alarm firmware updates without homeowner consent would have been a better choice -- but I didn't think of that possibility until just now. :-D )

The semi-amusing part about this whole discussion is the reason that I'm replying again. I'd installed Firefox on one of the machines in my house a while back, and I forgot to turn off the automatic updates. Started up Firefox only to have it apply the update it had automatically downloaded without my knowledge. Grrrrrrr. Sorry, this just rubs me the wrong way, and I don't like Firefox running a background service to install updates either (also an option that I didn't choose).



