Firefox 3.6.4 Released With Out-of-Process Plugins

DragonHawk writes "Mozilla Firefox 3.6.4 went to general release today. The big new feature in this release is out-of-process plugins (OOPP). This means things like Flash, Java, QuickTime, etc., all run in separate processes, so when Flash decides to crash, it won't take your browser out with it. If Flash starts consuming all the CPU it can find, you can kill it without nuking your browser session. I've been using this feature since it was in the 'nightly build' stage, and it was still more stable than 3.6.3, just because Flash was isolated." And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."

First

[Shikaku]

Firefox post. Firefox is the fastest browser around!

Re:First

[shadowbearer]

I've been using Opera, Google's Chrome, and IE alongside Firefox on W7 for about four months now on three computers, on a consistent basis, meaning every day.

  Opera is a bit faster, Chrome is a lot faster, but we are talking about tenths of a second here when rendering anything other than extremely complicated web pages which to be honest would render a lot faster in any browser if the designers wouldn't include so much crap in them that demands connections to multiple websites for stupid things like a small advertising gif image from a server that is already overloaded.

  Over that time, Firefox has been easily the most stable browser I've ever used - that might have something to do with me running addons such as adblock, flashblock, and NoScript - denying access to a lot of the poorly written or implemented crap websites that can crash any browser. I can count the number of times that Firefox has crashed on all three of my computers on one hand since the beginning of the year - that's two laptops and one desktop, running combinations of Windows XP, Windows 7, Ubuntu and Fedora.

  It didn't used to be that way, no. But it is now. Firefox also consistently recalls my previous browsing sessions - even after the multiple downtimes I had tonight during numerous power outages due to bad storms (the new battery for the UPS is in transit and should arrive tomorrow, and I ordered it from a website that does not list Firefox in their supported browsers list) neither Opera nor Chrome did so.

  The addon Xmarks has proven to be both useful and consistently stable, I'd highly recommend it.

  YMMV, YEMV, etc. This is just mine. I don't know about the rest of you, but I'll take stable over fast any day. I regularly have from a dozen to several dozen tabs open at any one time, and being able to recover my work after any crash, no matter the cause, means a lot to me. These features should have been written into browsers as DEFAULT features from the beginning. Somewhat around ten years ago I remember wishing that someone would just code a browser that could remember what I was doing before a crash, and do so consistently. Now, finally, I have one. Thank you, Mozilla.

  What I find ironic about the whole browser war is that the "feature leader" over the last decade has been the open source solutions - specifically firefox, and the rest of the field is playing catchup - especially Microsoft.

  SB

 

Re:First

[cgomezr]

I'm afraid Firefox hasn't been the feature leader at all. Tabbed browsing? Opera had it before. Mouse gestures? Opera had it before. Quick dial? Opera had it before. Customisable search bars? Opera had them before. Ad blocking? Opera had it before (although, admittedly, worse than Firefox's). Stored sessions? Opera had them before (and it does restore from crashes without any problem in my case). I could keep enumerating, I'd say 90% of the browser features that Firefox implements are copied from Opera.

OK, I think Firefox had private browsing before Opera, making it the browser of choice for pr0n (i.e. 99% of the internet usage); but now Opera has catched up on that and offers private and non-private tabs mixed in the same window :)

BTW, on my machine Opera behaves much better than Firefox with 20+ tabs open (I have 57 right now), it's still snappy and Firefox would be crawling and taking up loads of RAM. But of course YMMV.

UI Lag

[electrosoccertux]

now can we do something about the rest of the awful browser?

Open 20 tabs and the entire thing chugs to a grinding halt as only one (1) of my four (4) processor cores gets maxed out. So much for the "multithreading" everybody says that Firefox.
The same list of 20 tabs peg all my cores to 100% for a few seconds and then they're all done rendering, when I'm using Chrome. No thanks Firefox. You guys are ancientsauce.

Re:UI Lag

[Nadaka]

I have never had problems with firefox having a ton of tabs open.

I regularly have 15+ tabs, sometimes 50 or 60. The only time I have any issues is if I turn off no script and get some flash or javascript running to slow things down.

Re:UI Lag

[dakameleon]

Don't forget the ponies!

Re:UI Lag

[nmb3000]

This, this, this, this, this. The terrible user interface responsiveness of Firefox is what kept me on IE for the longest time (and I only moved because of addons, not because Firefox itself is any better).

For a good test, open a Slashdot story with ~1000 comments and watch as the browser just stops dead in the water for 5-15 seconds while it renders the page. You can also try opening the browser when you have 10 or more tabs saved in your session. Again, the entire interface is useless while the pages are rendering. If the browser really is multithreaded in any meaningful fashion, then the rendering threads obviously have a priority higher than the UI, which seems like a bad thing.

I'd rather have this improved than move plugins into an external process. Since I started using NoScript I haven't had Firefox crash because of Flash. Ever. However, I still read Slashdot so I do deal with the lagging on a regular basis.

Re:UI Lag

[hack++slash]

The biggest annoyance about FF I have is just that - why is FF giving CPU time to tabs you haven't looked at for a while?

It should be that you can configure something like "tab CPU timeout" in minutes so when you view a different tab, after X minutes the tab which is no longer displayed gets no CPU time at all - this should keep the browser fast even when you've got 10's/100's of tabs open.

I keep dozens of tabs open on my main machine as I use it as an alternative to keeping bookmarks, saves the hassle of clicking bookmarks and reloading whole pages - flipping to a different tab is like turning a page in a book, the information is there instantly, but it shouldn't suck CPU power when you're not looking at it.

Can already kill Flash in 3.6.3

[kbahey]

I confused, since I am on Kubuntu 10.04 64-bit version, and use the Firefox version that comes with that release (3.6.3).

For the longest time, I am able to kill npviewer.bin without Firefox crashing. I just get a grey box when I do that where Flash used to be.

Flash already runs as a separate process for me.

Here are the processes:

me 4177 1746 0 12:43 ? 00:00:00 /bin/sh /usr/lib/firefox-3.6.3/firefox
me 4182 4177 0 12:43 ? 00:00:00 /bin/sh /usr/lib/firefox-3.6.3/run-mozilla.sh /usr/lib/firefox-3.6.3/firefox-bin
me 4186 4182 9 12:43 ? 01:03:08 /usr/lib/firefox-3.6.3/firefox-bin
me 4353 4186 2 12:45 ? 00:16:37 /usr/lib/nspluginwrapper/i386/linux/npviewer.bin --plugin /usr/lib/flashplugin-installer/libflashplayer.so --connection /org/wrapper/NSPlugins/libflashplayer.so/4186-1

So, what is happening here?

Re:Can already kill Flash in 3.6.3

[yuhong]

That is because you are using nspluginwrapper to wrap the 32-bit Flash plugin.

Opera!

[uid8472]

Has no-one else yet commented to point out that Opera has run plugins in a separate process for years now? Then I guess I have to.

Not to minimize the accomplishments of the Firefox developers, I mean, and getting this feature to the Firefox userbase is valuable in and of itself, and so on. But there is precedent.

Re:Opera!

[luckymutt]

However it it was really all that, it would have a much larger fan base.

Popularity != better. Since IE has the largest fan base, you're saying that IE is the browser that is "all that?"

Just because they have had something for a while now, does not mean that Firefox, which is a far more popular browser, getting it is not a big deal.

Sure it's a big deal. Although it would have been a bigger deal if they were the first on the block to have gotten it.

Opera people always crack me up.

FF fanbois always crack me up. Do you people ever get tired of the pissing contest? Ever? And by the way, I am typing this in Konqueror. Suits my needs well enough.

Re:Opera!

[xigxag]

Popularity != better. Since IE has the largest fan base, you're saying that IE is the browser that is "all that?"

All other things being equal, the better software should be more popular. Why wouldn't that be the case?
Arguably, IE's market share is no exception to that principle...IE has traditionally been "better" for the average person simply because it comes pre-loaded on the OS instead of them having to try to find a legitimate download site. And it seems to me to be quite difficult for most people to distinguish malware from legitimate freeware/shareware. [Side note, I don't actually agree that IE has the largest "fan base." ]

But Opera vs. Firefox or Chrome, where's the disadvantage? Why can't it gain traction? Instead of playing verbal sparring games and gotchas, consider pondering that issue.

Correction: Bugfix will be in 3.6.6

[behindthewall]

According to the discoverer and the issue; he mixed up two different fixes, initially:

http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html

https://bugzilla.mozilla.org/show_bug.cgi?id=556957#c46

So...

[sootman]

... if Firefox crashes will all the plugins keep running?

Re:So...

[thoughtsatthemoment]

No. If I kill firefox.exe in the Task Manager the plugin process disappears too.

single process for all flash

[thoughtsatthemoment]

It looks like there is a single process plugin-container.exe to run all flash files. Killing this exe will stop playing all the flash files. This means while you are enjoying a show on hulu.com, a rogue flash ad could still spoil the fun.

Firefox futures

[DragonHawk]

I'll take this opportunity to post some non-inflammatory info on planned Firefox development.

Firefox 4.0, which may go into beta as early as next month, is supposed to do a lot in this direction. Overhauled JavaScript engine, overhauled HTML rendering, etc.

http://wiki.mozilla.org/Firefox/4/Beta

http://developer.mozilla.org/en/Firefox_4_for_developers

I thought I had heard that 4.0 was supposed to deliver one-process-per-page functionality, but I'm having trouble finding recent status info. (One drawback to high-speed FOSS development is it's hard to keep track of things like that.) But anyway, the project is named "Electrolysis" ("E10S" in Firefox-developer-speak).

http://wiki.mozilla.org/Electrolysis

http://wiki.mozilla.org/Talk:Firefox/Roadmap

Re:Firefox futures

Don't forget the new HTML5 parser that is already working in the betas. Not only will this be the first fully HTML5 compliant parser, it will also be faster, run in a separate thread off the main thread, and make it possible to use SVG and MathML inline in HTML documents.

http://hacks.mozilla.org/2010/05/firefox-4-the-html5-parser-inline-svg-speed-and-more/

Nope, sorry

[yuhong]

"And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."" Nope, sorry: https://bugzilla.mozilla.org/show_bug.cgi?id=556957#c46

Re:Single process for each plugin

[BZ]

You're exactly right. Flash assumes that all running instances of it share a single address space and uses various internal communication channels to have the instances talk to each other. The Chrome folks actually tried a process per plugin instance, and it broke too much stuff out there.

Browser process models and multitasking

[DragonHawk]

For performance reasons, tabs don't and shouldn't run in separate processes.

I find that statement dubious. Please explain.

In my experience, the process-per-page (be they tab, window, or whatever) yields much better performance. I believe there are multiple reasons for this. For starters, the OS already has a perfectly good scheduler, and it makes sense to use that to handle multi-tasking. Indeed, OS people prolly know more about how to design a scheduler than browser people. By exposing the this to the OS, it also means the OS can do whatever tricks it has to make I/O, memory allocation, etc., more efficient on a per-page basis, rather than treating the whole browser as an opaque object.

Finally, lot of modern hardware has 2, 3, 4 or more processor cores. Firefox generally only uses one of them. A browser like Chrome can have each page render on its own processor core, which is a *huge* performance gain. Without that, any multitasking is going to be limited to slicing up a single core between multiple tasks. The system can still only do one thing at a time. By using multiple cores, the system actually gets multiple things done literally simultaneously. On good hardware, the performance difference is astounding.

"You know, the original motivation for the tabs feature was that each tab could be run in a separate thread whereas each window needs a separate process."

That's just plain wrong. Each window does not need a separate process. Each tab does not get a separate thread. In Firefox 3.6, multiple threads are used, but it's not a one-thread-per-tab thing. Most of the work is still done in a single monolithic thread.

The motivation for tabs in Firefox was to copy Opera. The motivation for tabs in Opera was as an alternative to one-page-per-window or MDI.

Privilege separation, anyone?

[FraGGod]

Ok, now that we're able to put flash code in a separate proc, my question is: can we cut it's privileges so another (monthly) "zero-day vulnerability" will finally become just a tale to scare little children?
Strangely enough, with all the concern about flash security, article seem to miss that point.

Re:No 64-bit version on the Mozilla website

[BZ]

This is at least in part because on the 3.6 branch the 64-bit version is not at feature parity with the 32-bit one (for example doesn't have the JS jit, so has much worse JS execution performance). So linking to it on equal terms really doesn't make sense.

For 4.0, 64-bit Linux builds are much higher quality (for example they actually have the automated correctness tests run on them). So there's a decent chance those builds might become tier-1 by the time 4.0 ships.

Re:Great

[kangsterizer]

However processes use a lot more memory. Firefox uses way, way less memory than Chrome when you have a few tabs open.

Also, the browser should not crash. But if it does, it restore the session, but seriously, that rarely happens on Firefox (yeah, Chrome tabs crash all the time, but that's Chrome's fault... flamebait maybe but one could argue tab-process encourage buggy code since it's no big deal when a tab crashes)

The only things the browser does not have control over are plugins, and they're not in their own process, which is cool. Extensions are a more complex matter, I suppose they could still bring down everything with own process tabs.

I'm not sure the security added by sandboxing tabs into processes is worth the trouble right now. It's some kind of hack after all.