Firefox updates generally get into the testing repo soon after they're released. If you don't have /testing enabled, you won't see the update listed. I do install them as soon as they get into the repos. I just now installed Firefox 3.6.10 and haven't seen problems.
Okay, thanks. My tendency is towards stability, so I avoid "testing" but it looks like it's a bit of a different deal with VectorLinux. Just out of curiosity, do you normally upgrade most packages that come from the testing repository? I'm just wondering if I do enable testing, will I find myself allowing all (or most) of the updates as I tend to do now.
You need to be reasonably careful when using testing. For instance, don't click 'mark all upgrades' and then click 'execute' without looking very carefully at what may be 'upgraded'. Hopefully, all the software in testing will eventually end up in patches or extra, but there are good reasons why it goes to testing first. Things may break, and doing wholesale upgrades with the testing repo enabled is not a good idea.
However, doing selective upgrades from testing is a good move. Many of the packages that end up there will be bug or security related fixes for packages already installed. While the security fixes especially are important, they still need some testing, so they will be isolated in the testing repos to start with.
Unfortunately, I do not have the access rights to place messages in the Security Advisories section of the forum, and I don't always remember to make notes on the announcements when an upgraded package is security related. Still, keeping an eye on the packages that are announced will give you an idea of what releases are there to be tried. While 'testing' always carries some risk, if it is used selectively, it should minimize the chances of breaking anything, and (if you provide feedback) helps to keep Vector Linux up to date.