Firefox 3.6.4 Released With Out-of-Process Plugins

DragonHawk writes "Mozilla Firefox 3.6.4 went to general release today. The big new feature in this release is out-of-process plugins (OOPP). This means things like Flash, Java, QuickTime, etc., all run in separate processes, so when Flash decides to crash, it won't take your browser out with it. If Flash starts consuming all the CPU it can find, you can kill it without nuking your browser session. I've been using this feature since it was in the 'nightly build' stage, and it was still more stable than 3.6.3, just because Flash was isolated." And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."

First

[Shikaku]

Firefox post. Firefox is the fastest browser around!

Re:First

[shadowbearer]

I've been using Opera, Google's Chrome, and IE alongside Firefox on W7 for about four months now on three computers, on a consistent basis, meaning every day.

  Opera is a bit faster, Chrome is a lot faster, but we are talking about tenths of a second here when rendering anything other than extremely complicated web pages which to be honest would render a lot faster in any browser if the designers wouldn't include so much crap in them that demands connections to multiple websites for stupid things like a small advertising gif image from a server that is already overloaded.

  Over that time, Firefox has been easily the most stable browser I've ever used - that might have something to do with me running addons such as adblock, flashblock, and NoScript - denying access to a lot of the poorly written or implemented crap websites that can crash any browser. I can count the number of times that Firefox has crashed on all three of my computers on one hand since the beginning of the year - that's two laptops and one desktop, running combinations of Windows XP, Windows 7, Ubuntu and Fedora.

  It didn't used to be that way, no. But it is now. Firefox also consistently recalls my previous browsing sessions - even after the multiple downtimes I had tonight during numerous power outages due to bad storms (the new battery for the UPS is in transit and should arrive tomorrow, and I ordered it from a website that does not list Firefox in their supported browsers list) neither Opera nor Chrome did so.

  The addon Xmarks has proven to be both useful and consistently stable, I'd highly recommend it.

  YMMV, YEMV, etc. This is just mine. I don't know about the rest of you, but I'll take stable over fast any day. I regularly have from a dozen to several dozen tabs open at any one time, and being able to recover my work after any crash, no matter the cause, means a lot to me. These features should have been written into browsers as DEFAULT features from the beginning. Somewhat around ten years ago I remember wishing that someone would just code a browser that could remember what I was doing before a crash, and do so consistently. Now, finally, I have one. Thank you, Mozilla.

  What I find ironic about the whole browser war is that the "feature leader" over the last decade has been the open source solutions - specifically firefox, and the rest of the field is playing catchup - especially Microsoft.

  SB

 

Re:First

[cgomezr]

I'm afraid Firefox hasn't been the feature leader at all. Tabbed browsing? Opera had it before. Mouse gestures? Opera had it before. Quick dial? Opera had it before. Customisable search bars? Opera had them before. Ad blocking? Opera had it before (although, admittedly, worse than Firefox's). Stored sessions? Opera had them before (and it does restore from crashes without any problem in my case). I could keep enumerating, I'd say 90% of the browser features that Firefox implements are copied from Opera.

OK, I think Firefox had private browsing before Opera, making it the browser of choice for pr0n (i.e. 99% of the internet usage); but now Opera has catched up on that and offers private and non-private tabs mixed in the same window :)

BTW, on my machine Opera behaves much better than Firefox with 20+ tabs open (I have 57 right now), it's still snappy and Firefox would be crawling and taking up loads of RAM. But of course YMMV.

Re:First

[Jurily]

The main problem I see with web browsers today, is that they completely and utterly ignore every single user interface design convention they can find.

With Chrome reinventing window layout, Firefox reinventing standard dialog layout, and Opera reinventing UI themes, where do we take refuge? Hell, even IE doesn't have menus by default anymore.

That said, Firefox has Adblock, and Adblock has hufilter, so I'm not switching anytime soon.

UI Lag

[electrosoccertux]

now can we do something about the rest of the awful browser?

Open 20 tabs and the entire thing chugs to a grinding halt as only one (1) of my four (4) processor cores gets maxed out. So much for the "multithreading" everybody says that Firefox.
The same list of 20 tabs peg all my cores to 100% for a few seconds and then they're all done rendering, when I'm using Chrome. No thanks Firefox. You guys are ancientsauce.

Re:UI Lag

[Nadaka]

I have never had problems with firefox having a ton of tabs open.

I regularly have 15+ tabs, sometimes 50 or 60. The only time I have any issues is if I turn off no script and get some flash or javascript running to slow things down.

Re:UI Lag

[dakameleon]

Don't forget the ponies!

Re:UI Lag

[nmb3000]

This, this, this, this, this. The terrible user interface responsiveness of Firefox is what kept me on IE for the longest time (and I only moved because of addons, not because Firefox itself is any better).

For a good test, open a Slashdot story with ~1000 comments and watch as the browser just stops dead in the water for 5-15 seconds while it renders the page. You can also try opening the browser when you have 10 or more tabs saved in your session. Again, the entire interface is useless while the pages are rendering. If the browser really is multithreaded in any meaningful fashion, then the rendering threads obviously have a priority higher than the UI, which seems like a bad thing.

I'd rather have this improved than move plugins into an external process. Since I started using NoScript I haven't had Firefox crash because of Flash. Ever. However, I still read Slashdot so I do deal with the lagging on a regular basis.

Re:UI Lag

[nmb3000]

My problem is that I kind of hate the Internet with NoScript.

You might take a look at YesScript (a JavaScript blacklisting plugin sans all the extra protection crud in NoScript). If you use it in conjunction with AdBlock+subscriptions you'll probably block quite a bit.

That said, I like NoScript in general because of just how much faster most sites are with their scripts disabled. It does get annoying though, as more and more sites are completely non-navigable without scripts enabled.

Re:UI Lag

[inode_buddha]

Interesting. Ever since my SMP box died, I'm using an old P4 e-Machine with 512 megs and linux. Flash playback, and video in general plays just fine. Graphics are onboard Intel i915. Though newer versions of FF *are* much better. I saved a bunch of CPU horsepower by using a decent hosts file so that AdBlock and NoScript don't have to work so much.

The UI *does* lag a bit with pages that have tons of comments, but not nearly as bad as it used to be. On the SMP box there wasn't any lag at all. By SMP I mean multi-sockets and large RAM; not just multi-cores.

Re:UI Lag

[shadowbearer]

So in other words, the thing runs perfectly if you disable the default options and install ad-ons to make it work right and then disable plugins.

  I'm running the release with over sixty tabs open, adblock, noscript, flashblock, + other addons, an HD youtube video for entertainment on the second monitor, several adobe plugin pdfs open, plus some active weather flash running (it was storming here earlier, watching the radar) and Firefox is only using about six hundred MB or so. My three year old desktop X2/32bitW7/4GB is still snappy, I hardly notice the difference.

  I don't even remember the last time Firefox crashed on this system (W7). Sometime in February I think, I'd have to look at my logs. Firefox has been incredibly stable for me for at least a couple years, and that experience has been echoed on the systems I build for customers as well. I suspect at least some it may be due the other memory resident programs on the computer, particularly antivirus programs, although I can't name any offhand, not enough data yet.

SB

Re:UI Lag

[hack++slash]

The biggest annoyance about FF I have is just that - why is FF giving CPU time to tabs you haven't looked at for a while?

It should be that you can configure something like "tab CPU timeout" in minutes so when you view a different tab, after X minutes the tab which is no longer displayed gets no CPU time at all - this should keep the browser fast even when you've got 10's/100's of tabs open.

I keep dozens of tabs open on my main machine as I use it as an alternative to keeping bookmarks, saves the hassle of clicking bookmarks and reloading whole pages - flipping to a different tab is like turning a page in a book, the information is there instantly, but it shouldn't suck CPU power when you're not looking at it.

Can already kill Flash in 3.6.3

[kbahey]

I confused, since I am on Kubuntu 10.04 64-bit version, and use the Firefox version that comes with that release (3.6.3).

For the longest time, I am able to kill npviewer.bin without Firefox crashing. I just get a grey box when I do that where Flash used to be.

Flash already runs as a separate process for me.

Here are the processes:

me 4177 1746 0 12:43 ? 00:00:00 /bin/sh /usr/lib/firefox-3.6.3/firefox
me 4182 4177 0 12:43 ? 00:00:00 /bin/sh /usr/lib/firefox-3.6.3/run-mozilla.sh /usr/lib/firefox-3.6.3/firefox-bin
me 4186 4182 9 12:43 ? 01:03:08 /usr/lib/firefox-3.6.3/firefox-bin
me 4353 4186 2 12:45 ? 00:16:37 /usr/lib/nspluginwrapper/i386/linux/npviewer.bin --plugin /usr/lib/flashplugin-installer/libflashplayer.so --connection /org/wrapper/NSPlugins/libflashplayer.so/4186-1

So, what is happening here?

Re:Can already kill Flash in 3.6.3

[yuhong]

That is because you are using nspluginwrapper to wrap the 32-bit Flash plugin.

Opera!

[uid8472]

Has no-one else yet commented to point out that Opera has run plugins in a separate process for years now? Then I guess I have to.

Not to minimize the accomplishments of the Firefox developers, I mean, and getting this feature to the Firefox userbase is valuable in and of itself, and so on. But there is precedent.

Re:Opera!

[Nimey]

Opera is a poor imitation of lynx.

Re:Opera!

[luckymutt]

However it it was really all that, it would have a much larger fan base.

Popularity != better. Since IE has the largest fan base, you're saying that IE is the browser that is "all that?"

Just because they have had something for a while now, does not mean that Firefox, which is a far more popular browser, getting it is not a big deal.

Sure it's a big deal. Although it would have been a bigger deal if they were the first on the block to have gotten it.

Opera people always crack me up.

FF fanbois always crack me up. Do you people ever get tired of the pissing contest? Ever? And by the way, I am typing this in Konqueror. Suits my needs well enough.

Re:Opera!

[xigxag]

Popularity != better. Since IE has the largest fan base, you're saying that IE is the browser that is "all that?"

All other things being equal, the better software should be more popular. Why wouldn't that be the case?
Arguably, IE's market share is no exception to that principle...IE has traditionally been "better" for the average person simply because it comes pre-loaded on the OS instead of them having to try to find a legitimate download site. And it seems to me to be quite difficult for most people to distinguish malware from legitimate freeware/shareware. [Side note, I don't actually agree that IE has the largest "fan base." ]

But Opera vs. Firefox or Chrome, where's the disadvantage? Why can't it gain traction? Instead of playing verbal sparring games and gotchas, consider pondering that issue.

Re:Opera!

[Ndymium]

I would like to comment that it, in fact, doesn't. I've run Opera on OS X and Windows for a few years now and have seen no indication of that. In fact, I can see only one Opera process in Activity Monitor right now, with 15 threads - even if I open up a Youtube video. When Flash crashes, so does the whole browser (which used to happen all the time with the 10.5x betas). I've heard rumors on the My Opera forums that Opera on *nix might have this, but the OS X version certainly doesn't and I have no knowledge that the Windows version would either. Opera is a great browser, but this is something I've yet to see (and am eager to).

Re:Opera!

[Jugalator]

Popularity != better. Since IE has the largest fan base, you're saying that IE is the browser that is "all that?"

Neither Opera, nor Firefox or Chrome, are shipped with any Windows version.

Re:Opera!

[broeman]

Exactly, and furthermore Mozilla and Opera have had the same struggle for a fan base in the same period. Mozilla not only did good marketing, but they also managed to create a browser, that people really wanted to use (Opera just is to weird for some people, like me, although I liked Opera Mini on my old Symbian phone).

Correction: Bugfix will be in 3.6.6

[behindthewall]

According to the discoverer and the issue; he mixed up two different fixes, initially:

http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html

https://bugzilla.mozilla.org/show_bug.cgi?id=556957#c46

So...

[sootman]

... if Firefox crashes will all the plugins keep running?

Re:So...

[thoughtsatthemoment]

No. If I kill firefox.exe in the Task Manager the plugin process disappears too.

single process for all flash

[thoughtsatthemoment]

It looks like there is a single process plugin-container.exe to run all flash files. Killing this exe will stop playing all the flash files. This means while you are enjoying a show on hulu.com, a rogue flash ad could still spoil the fun.

Firefox futures

[DragonHawk]

I'll take this opportunity to post some non-inflammatory info on planned Firefox development.

Firefox 4.0, which may go into beta as early as next month, is supposed to do a lot in this direction. Overhauled JavaScript engine, overhauled HTML rendering, etc.

http://wiki.mozilla.org/Firefox/4/Beta

http://developer.mozilla.org/en/Firefox_4_for_developers

I thought I had heard that 4.0 was supposed to deliver one-process-per-page functionality, but I'm having trouble finding recent status info. (One drawback to high-speed FOSS development is it's hard to keep track of things like that.) But anyway, the project is named "Electrolysis" ("E10S" in Firefox-developer-speak).

http://wiki.mozilla.org/Electrolysis

http://wiki.mozilla.org/Talk:Firefox/Roadmap

Re:Firefox futures

Don't forget the new HTML5 parser that is already working in the betas. Not only will this be the first fully HTML5 compliant parser, it will also be faster, run in a separate thread off the main thread, and make it possible to use SVG and MathML inline in HTML documents.

http://hacks.mozilla.org/2010/05/firefox-4-the-html5-parser-inline-svg-speed-and-more/

Re:Great

[BhaKi]

For performance reasons, tabs don't and shouldn't run in separate processes. You know, the original motivation for the tabs feature was that each tab could be run in a separate thread whereas each window needs a separate process. On most platforms, processes are more expensive than threads.

Nope, sorry

[yuhong]

"And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."" Nope, sorry: https://bugzilla.mozilla.org/show_bug.cgi?id=556957#c46

Re:Single process for each plugin

[BZ]

You're exactly right. Flash assumes that all running instances of it share a single address space and uses various internal communication channels to have the instances talk to each other. The Chrome folks actually tried a process per plugin instance, and it broke too much stuff out there.

Browser process models and multitasking

[DragonHawk]

For performance reasons, tabs don't and shouldn't run in separate processes.

I find that statement dubious. Please explain.

In my experience, the process-per-page (be they tab, window, or whatever) yields much better performance. I believe there are multiple reasons for this. For starters, the OS already has a perfectly good scheduler, and it makes sense to use that to handle multi-tasking. Indeed, OS people prolly know more about how to design a scheduler than browser people. By exposing the this to the OS, it also means the OS can do whatever tricks it has to make I/O, memory allocation, etc., more efficient on a per-page basis, rather than treating the whole browser as an opaque object.

Finally, lot of modern hardware has 2, 3, 4 or more processor cores. Firefox generally only uses one of them. A browser like Chrome can have each page render on its own processor core, which is a *huge* performance gain. Without that, any multitasking is going to be limited to slicing up a single core between multiple tasks. The system can still only do one thing at a time. By using multiple cores, the system actually gets multiple things done literally simultaneously. On good hardware, the performance difference is astounding.

"You know, the original motivation for the tabs feature was that each tab could be run in a separate thread whereas each window needs a separate process."

That's just plain wrong. Each window does not need a separate process. Each tab does not get a separate thread. In Firefox 3.6, multiple threads are used, but it's not a one-thread-per-tab thing. Most of the work is still done in a single monolithic thread.

The motivation for tabs in Firefox was to copy Opera. The motivation for tabs in Opera was as an alternative to one-page-per-window or MDI.

Privilege separation, anyone?

[FraGGod]

Ok, now that we're able to put flash code in a separate proc, my question is: can we cut it's privileges so another (monthly) "zero-day vulnerability" will finally become just a tale to scare little children?
Strangely enough, with all the concern about flash security, article seem to miss that point.

Re:Privilege separation, anyone?

[BZ]

You can, if you're willing to break enough sites... Flash commonly performs network access, raw graphics operations of various sort, file access, and a few other things like that which would have to be disallowed in a sandbox.

Re:Privilege separation, anyone?

[FraGGod]

Well, I can think of a "nobody" user with home in, say, /tmp/nobody, and flash is running with it's uid and cgroup'ed, so:

• flash can read any libs or binaries (for these raw graphic ops, I presume) from fs as needed.
• flash can't access sensitive data in /home/myuser.
• flash can't write to /home/myuser/.mozilla/firefox/**/some_binary_file (that might get injected into process, run as "myuser").
• it can write to it's own "home" and access network as it pleases, although it will die along with a browser tab (cgroup gets killed, and flash can't escape it via forks).

I don't know much about what files flash accesses on local fs, but it certainly doesn't need write access anywhere but $HOME on unixes (works fine w/o it as it is), and I doubt it ever accesses ~/.mozilla (or ~/.opera, ~/.chrome, whatever) directly - these are subject to a constant change and shouldn't be necessary for the plugin which has direct interface to a working browser (whatever one it is). What am I missing here?

Re:Privilege separation, anyone?

[BZ]

What flash needs for a lot of what it does is raw device access. In Linux terms, access to stuff in /dev (video, camera, audio, etc).

It's clearly possible to setuid Flash to a low-privileges user if you want it to not write to disk in general and don't mind breaking part of the functionality. The question is whether you're willing to break it. Browsers may not be in a position to do that (though you individually may be if you don't use certain Flash features yourself).

Firefox does NOT do process-per-page

[DragonHawk]

"In my experience, the process-per-page (be they tab, window, or whatever) yields much better performance."

"While reading Slashdot, it doesn't make one bit of difference. While one story tab loads, the rest of Firefox FREEZES while slashdot struggles to get rendered. I can't even scroll up or down."

That's because Firefox uses a single thread for just about everything. If a page is slow to render because of complex HTML/CSS, or has bad JavaScript which eats up CPU time, that drags everything to a stand-still.

Browsers that use a separate process/thread per page, on other hand, will keep everything else running. That one page will be slow/non-responsive, but everything else keeps humming along nicely (as long as the hardware can keep up). Google Chrome works this way. Firefox does not (yet).

(Firefox does spawn multiple threads, but the bulk of the work appears to be done in one thread. I presume the others are support/helper threads.)

And people say Flash is consumer unfriendly

[gig]

So all we have to do is send all Web users to night classes on process management so they can diagnose when Flash is consuming too many resources and identify and kill the relevant process. That way we can rescue Flash designers from having to learn HTML and Adobe from having to compete with anybody. Makes total sense. I mean, playing video ought to be complicated, right?

 

Re:No 64-bit version on the Mozilla website

[BZ]

This is at least in part because on the 3.6 branch the 64-bit version is not at feature parity with the 32-bit one (for example doesn't have the JS jit, so has much worse JS execution performance). So linking to it on equal terms really doesn't make sense.

For 4.0, 64-bit Linux builds are much higher quality (for example they actually have the automated correctness tests run on them). So there's a decent chance those builds might become tier-1 by the time 4.0 ships.

Cool multitasking

[Snufu]

Now I can watch Youtube and post on Slashdot at the same t

Re:Great

[kangsterizer]

However processes use a lot more memory. Firefox uses way, way less memory than Chrome when you have a few tabs open.

Also, the browser should not crash. But if it does, it restore the session, but seriously, that rarely happens on Firefox (yeah, Chrome tabs crash all the time, but that's Chrome's fault... flamebait maybe but one could argue tab-process encourage buggy code since it's no big deal when a tab crashes)

The only things the browser does not have control over are plugins, and they're not in their own process, which is cool. Extensions are a more complex matter, I suppose they could still bring down everything with own process tabs.

I'm not sure the security added by sandboxing tabs into processes is worth the trouble right now. It's some kind of hack after all.

As a Linux user

As a Linux user I can sum up my choice of browser in the following way:

Opera: Excellent browser. Has the best set of features of any browser out-of-the-box, almost no rendering issues and it's fast. Unfortunately it can't be patched, updated and packaged as easily as other free software browsers. It's closed nature also makes it non-portable, limiting me to whatever platforms Opera Software decides to support. It was my browser of choice for a long time but when I started to migrate to pure64 Linux Opera's releases didn't keep up. Ruled out.

Chromium: Also excellent. Unfortunately Google's development model for the browser makes it painful to package and distribute. The bootstrap tarball is a whopping 700MB in size, and after the tarball has been downloaded you have to update it with svn. AFAIK there are no regular release tarballs and shipping a 700MB non-current tarball in the source tree with a strange build system and code that has to be updated before building is out of the question. It would be my browser of choice on Linux if it didn't complicate things so much. I think most Linux distributors agree with a number of these points, which is why we don't see more of them package Chrome(ium). Distributions like Slackware would never, ever carry source code that big (at best you get the pre-built binaries from Google.. again, this affects portability and from what I know it's heavily optimized for x86, probably won't even work on PPC/ARM). Ruled out.

Konqueror: Great browser for the most part, but uncomfortable to use. Has rendering issues (and "flickering" when it draws and loads webpages, forms are sometimes broken etc.) which makes it annoying, plugins don't always work (like flash). And the way bookmarks is implemented isn't as polished as one would hope. KHTML is a good engine but not as good as WebKit, and QT's internal WebKit engine apparently needs work (based on my experience with Rekonq which needs a LOT of polish). Ruled out.

Epiphany: Haven't used the new WebKit-based version because I don't use Gnome (and it's heavily tied to it). Probably what I would recommend and use myself if I didn't prefer KDE as my desktop. Ruled out.

Firefox: The browser I prefer. It isn't the fastest browser but it's fast enough. It's easy to build and the functionality it lacks can be added with extensions. I use it because it's well supported and just works. Fact is, while there are plenty of browsers that can compete with Firefox in terms of features and polish (even exceed it) those aren't the reasons I actually USE firefox. It's might be based on Gtk but isn't tied into Gnome so it's well suited for using on desktops other than Gnome (like Xfce and KDE).

I don't fit the profile of your average Linux user so my reasons for choosing a particular browser is different from the norm, but the fact is that Firefox is good anough and it fits the free software development and distribution platform very well making it easy to support.