Firefox 48 Released With Multi-Process Support, Mandatory Add-On Signing

Mozilla on Tuesday released Firefox v48, touted as one of the most important updates the browser has ever received. With the new version, Firefox starts migrating users to using mullti-process threads (e10s, Electrolysis), and it is also the first version to ship with Rust component. In addition, Firefox is now also making add-on signing mandatory. From a Softpedia article: Announced last year, Electrolysis, e10s, or multi-process support is Firefox's ability to process core browser operations separately from the content viewed on a Web page. Multi-process support allows a page to crash without bringing the entire browser down with it and improves the browser's overall performance. e10s rollout will take place in two phases, first in Firefox 48, and it will finish in Firefox 49, set for release on September 13, 2016. Mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by Mozilla's testers. This is something similar to what Chrome employs, but Firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired. Rust is a programming language that's a revamped and improved version of C++ but that protects developers from accidentally including dangerous memory bugs in their code. It achieves this by how the language was constructed and by how developers write the code.

for a minute there i thought i had freedom.

[nimbius]

Firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired.

Yes how pampered a life I've led in my fantasy-land where the computer performs in accordance with my instruction. oh i was a fool to think personal computing would remain my own personal fucking shangri-la. Thank god Mozilla has come to the rescue and spirited me away from this dubotcherous land of sodom called personal computing. But hey, you know, whatever it takes for your corporate masters to reign in ad blocking, cookie whitelisting, and script blocking. I just cant wait to watch another taylor swift autoplay video.

Re:for a minute there i thought i had freedom.

[Barefoot+Monkey]

I don't find it hypocritical at all. If I want to use addon that isn't signed I can simply send it to Mozilla to be signed. It's quick and easy, and has no cost. I can do this for as many addons as I want, whether the addons are my own creation or somebody else's. Alternatively, I can use the developer edition, or a nightly, or the current ESR version of Firefox where this ceases to be an issue at all. With Windows 10 I have none of those options - getting a driver signed by Microsoft is prohibitive, so there's simply nothing I can do. Being completely different situations with nothing more than a superficial similarity, having a different reaction for each is quite reasonable.

Re:Whoops

[chefmonkey]

Ah, I follow your logic: "Whoa. Firefox is now better in performance and memory footprint than Chrome. But it has THE EXACT SAME ADD-ON SIGNING POLICY AS CHROME, so... you know... fuck it. I'll stay on the worse browser."

Some Issues Around Mandatory Signatures

The largest problem with mandatory signing is that you must send your source-code to mozilla to be signed and they do not (and really, can not) guarantee that it won't leak out to someone else. So if you have an in-house developed extension that contains proprietary business information, you must choose between getting it signed or running versions of firefox that do not receive regular security updates and do not have signature checking for any extensions at all, so are basically the worst of both worlds. They could avoid this problem with one level of abstraction, you sign your own extension then they sign that signature. They could even automate it so the extra layer of indirection is invisible to anyone who is OK with sending their source to mozilla for signing.

But even that's brittle in the face of unexpected circumstances. Which is the fundamental problem with the "everything not explicitly allowed is forbidden" security models. They have their place, but they do take the "general" out of "general computing." Unforeseen consequences and all that.

The correct solution would be to have a signature checking config setting stored somewhere that is writeable only by an administrator account. All the major OSes have that kind of ability.

The firefox executable is also admin writeable, so if someone were inclined they could run a binary patcher to hack out the signature checking in the binary itself. Might as well just put it in a config setting with the equivalent permissions. Save us all the trouble of having different builds.

I'd even go one step further and make it a list of extensions that don't need a valid signature so you don't give up the benefits of signature checking for all the other extensions just because you want to run one unsigned extension.

Re: Mozilla's starting to get back in shape

[cfalcon]

> No per tab processes means no real sandboxing at the kernel level.

This change seems to be about stability more than security. Remember, if a browser process is owned, it is still running with all the permissions of the browser process. It can certainly go dick with other processes running, such as other instances of the browser, your email client, etc. But a crashed process that runs everything with threads is, everything is crashed, while if different tabs are there own processes, you lose that tab.

Switch browsers...best option

[HBI]

FF has not been listening to the user for a long time. You can just use a fork. There are a few out there.