Slashdot Mirror


Firefox 48 Released With Multi-Process Support, Mandatory Add-On Signing (softpedia.com)

Mozilla on Tuesday released Firefox v48, touted as one of the most important updates the browser has ever received. With the new version, Firefox starts migrating users to using multi-process threads (e10s, Electrolysis), and it is also the first version to ship with a Rust component. In addition, Firefox is now also making add-on signing mandatory. From a Softpedia article: Announced last year, Electrolysis, e10s, or multi-process support is Firefox's ability to process core browser operations separately from the content viewed on a Web page. Multi-process support allows a page to crash without bringing the entire browser down with it and improves the browser's overall performance. e10s rollout will take place in two phases, first in Firefox 48, and it will finish in Firefox 49, set for release on September 13, 2016. Mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by Mozilla's testers. This is something similar to what Chrome employs, but Firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired. Rust is a programming language that's a revamped and improved version of C++ but that protects developers from accidentally including dangerous memory bugs in their code. It achieves this by how the language was constructed and by how developers write the code.

37 of 236 comments

  1. Because dangerous memory bugs should be intentiona by davidwr · · Score: 3, Funny

    accidentally including dangerous memory bugs in their code

    Good, now I can be assured that all of my dangerous memory bugs in my code are intentional.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. Mozilla's starting to get back in shape by LichtSpektren · · Score: 4, Interesting

    I've been on Nightly for awhile now and the performance with e10s is now almost as good as Chrome's. Firefox Hello is thankfully going to get axed in a future release, and if Mozilla continues to fine-tune the performance a bit more and rips out Pocket, I think Firefox will be back on top.

    1. Re:Mozilla's starting to get back in shape by Anonymous Coward · · Score: 2, Interesting

      Firefox has been the better browser for the past 2-3 years and nobody knows it. Just wait until they deploy WebExtensions in September. Firefox is now much more stable than Chrome, at both a low and higher number of tabs opened. Just wait until everyone realizes this and has the option to use Chrome extensions on Firefox.

    2. Re:Mozilla's starting to get back in shape by chefmonkey · · Score: 4, Informative

      A lot has been written on this, but this is a good and recent analysis: http://www.erahm.org/2016/02/1...

      tl;dr: Chrome uses twice as much memory as Firefox on all platforms.

    3. Re: Mozilla's starting to get back in shape by cfalcon · · Score: 3, Insightful

      > No per tab processes means no real sandboxing at the kernel level.

      This change seems to be about stability more than security. Remember, if a browser process is owned, it is still running with all the permissions of the browser process. It can certainly go dick with other processes running, such as other instances of the browser, your email client, etc. But a crashed process that runs everything with threads is, everything is crashed, while if different tabs are their own processes, you lose that tab.

    4. Re:Mozilla's starting to get back in shape by cfalcon · · Score: 2

      Also consider Pale Moon. I think if I had to pick exactly ONE browser, I'd probably end up with Chrome- but I don't, so I use Pale Moon for almost everything, Firefox for some things, and Chrome when I need it.

  3. Re:can we please by LichtSpektren · · Score: 3, Informative

    Firefox has about 10% market share (several studies collected here), which is hundreds of millions of people.

  4. You must be new here by sjbe · · Score: 4, Funny

    Can we please stop posting about minor, useless OSS software releases? It's not like anyone uses this piece of shit anymore.

    Really? Wow and here I thought I was using Firefox to type this. Thanks for letting me know that I'm not really using the browser I think I am.

  5. Re:Whoops by LichtSpektren · · Score: 2

    I was about to rush and grab it until...

    "Firefox is now also making add-on signing mandatory"

    I don't see what the big deal about this is. Everything on addons.mozilla.org is already signed. If you have some legacy thing that hasn't been signed yet, you can use the Extended Support Release until Firefox 52.

  6. Re:How much more Chrome-like is it? by LichtSpektren · · Score: 3, Informative

    No changes in the UI. And Classic Theme Restorer still works: https://addons.mozilla.org/en-...

  7. Multi-process not available for most users? by trawg · · Score: 5, Interesting

    I was kind of excited by this so updated immediately instead of my usual process of waiting a couple days.

    While it was updating I did another unusual thing - clicked through to the article - where I read the following:

    e10s rollout will take place in two phases, first in Firefox 48, and it will finish in Firefox 49, set for release on September 13, 2016.

    Firefox with multi-process support will first reach 1 percent of the users who don't have any add-ons installed in their browser, and in ten days' time, Mozilla will activate e10s for 50 percent of the same users.

    Full e10s support for Firefox instances using extensions or running on older versions of Windows will be available in the fall, during the second rollout phase scheduled for Firefox 49.

    So, at a glance (and from what I can see from my now-updated install), multi-process is not /really/ included in this release except in certain cases like users who don't have any add-ons.

    1. Re:Multi-process not available for most users? by Barefoot+Monkey · · Score: 4, Informative

      If you're using Firefox 47 or later you can enable e10s yourself. What you read simply means they won't be switching it on for you until FF49.

      You can enable e10s by going to about:config and setting browser.tabs.remote.autostart to true. Restart your browser and then visit about:support and look up "Multiprocess Windows" on that page to see if it's enabled. (It might still be disabled if you have one or more add-ons that don't support e10s - if only it would tell you which)

      I haven't installed the Firefox 48 update yet, but it may well introduce an option in the Options panel for you to enable multiprocess without having to go through about:config.

    2. Re:Multi-process not available for most users? by radarskiy · · Score: 2

      "and in ten days' time, Mozilla will activate e10s for 50 percent of the same users."

      It's disturbing that they're changing the configuration default outside of a visible version update.

    3. Re:Multi-process not available for most users? by Big_Kay · · Score: 2

      With add-ons disabled, it still lists 3 in about:support: Firefox Hello, Multi-process staged rollout, and Pocket. If you go to about:config and check extensions.xpiState, it shows the plugins, and which ones are "multiprocessCompatible" and those that are "runInSafeMode". Firefox Hello, Multi-process staged rollout, and Pocket are all shown as: "multiprocessCompatible":false,"runInSafeMode":true
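
An added example (not part of the comments above, and not Mozilla's code) for the "if only it would tell you which" problem: it walks the JSON copied from extensions.xpiState and lists the add-ons not marked multiprocessCompatible. The sample value, the add-on IDs and the location-then-ID nesting are constructed assumptions; only the two field names come from the comment above.

```javascript
// Added example: list add-ons whose extensions.xpiState entry is not marked
// multiprocessCompatible. The nesting (install location -> add-on ID -> state
// object) is an assumption; the walker relies only on the two field names
// quoted in the thread, so it tolerates a different depth.

// Constructed sample value; IDs and versions are made up for illustration.
const SAMPLE_XPI_STATE = JSON.stringify({
  "app-system-defaults": {
    "system-addon-a@example.invalid":
      { v: "1.0", e: true, multiprocessCompatible: false, runInSafeMode: true },
  },
  "app-profile": {
    "legacy-toolbar@example.invalid":
      { v: "2.3", e: true, multiprocessCompatible: false, runInSafeMode: false },
    "modern-addon@example.invalid":
      { v: "0.9", e: true, multiprocessCompatible: true, runInSafeMode: false },
  },
});

function findE10sBlockers(prefValue) {
  let root;
  try {
    root = JSON.parse(prefValue);
  } catch (err) {
    throw new Error("extensions.xpiState is not valid JSON: " + err.message);
  }
  const blockers = [];
  const walk = (node, key, parentKey) => {
    if (node === null || typeof node !== "object") return;
    if (Object.prototype.hasOwnProperty.call(node, "multiprocessCompatible")) {
      // This object is an add-on entry: key is its ID, parentKey its location.
      if (node.multiprocessCompatible !== true) {
        blockers.push({
          id: key,
          location: parentKey,
          runInSafeMode: node.runInSafeMode === true,
        });
      }
      return;
    }
    for (const [childKey, child] of Object.entries(node)) {
      walk(child, childKey, key);
    }
  };
  walk(root, null, null);
  return blockers.sort((a, b) => a.id.localeCompare(b.id));
}

for (const b of findE10sBlockers(SAMPLE_XPI_STATE)) {
  console.log(`${b.id} (${b.location}) runInSafeMode=${b.runInSafeMode}`);
}
```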

  8. Re:can we please by Joce640k · · Score: 3, Interesting

    That's probably going to drop a bit if they break all the add-ons.

    (Again...)

    --
    No sig today...
  9. for a minute there i thought i had freedom. by nimbius · · Score: 4, Insightful

    Firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired.

    Yes how pampered a life I've led in my fantasy-land where the computer performs in accordance with my instruction. oh i was a fool to think personal computing would remain my own personal fucking shangri-la. Thank god Mozilla has come to the rescue and spirited me away from this debaucherous land of sodom called personal computing. But hey, you know, whatever it takes for your corporate masters to rein in ad blocking, cookie whitelisting, and script blocking. I just can't wait to watch another taylor swift autoplay video.

    --
    Good people go to bed earlier.
    1. Re:for a minute there i thought i had freedom. by LichtSpektren · · Score: 4, Informative

      The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, since by default extensions auto-update. So, disallowing unsigned extensions is a security feature. If it turns out Mozilla will be nefarious about it, then you can always recompile Firefox from source with the mandatory signing thing cut out, or go to some fork. Right now I don't think it's a bad move.

    2. Re:for a minute there i thought i had freedom. by 110010001000 · · Score: 2

      Personal computing in 2016 means that all your personal information is stored on computers owned by the corporations.

    3. Re:for a minute there i thought i had freedom. by Barefoot+Monkey · · Score: 4, Insightful

      I don't find it hypocritical at all. If I want to use an addon that isn't signed I can simply send it to Mozilla to be signed. It's quick and easy, and has no cost. I can do this for as many addons as I want, whether the addons are my own creation or somebody else's. Alternatively, I can use the developer edition, or a nightly, or the current ESR version of Firefox where this ceases to be an issue at all. With Windows 10 I have none of those options - getting a driver signed by Microsoft is prohibitive, so there's simply nothing I can do. Being completely different situations with nothing more than a superficial similarity, having a different reaction for each is quite reasonable.

  10. mandatory "freedom" not to do as "desired"? by sittingnut · · Score: 2

    "mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by mozilla's testers. ... firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired."

    of course doing what we "desire" should not be allowed.
    stay within the plantation and obey the rules, that way nothing gets broken or gets crashed (hopefully). and nobody gets "spoiled", god forbid!
    we, the user children, should not be "spoiled" by allowing us to make mistakes, by too much freedom to do what we 'desire'.

    be calm, be correct, be at peace, ... as in "rest in peace"? in mozilla's politically correct heaven.
     

    1. Re:mandatory "freedom" not to do as "desired"? by NotInHere · · Score: 5, Informative

      If you really have unsigned add-ons you want to install, there are multiple options for you. See the FAQ entry "What are my options if I want to install unsigned extensions in Firefox?".

      https://wiki.mozilla.org/Add-o...

    2. Re:mandatory "freedom" not to do as "desired"? by TangoMargarine · · Score: 3, Informative

      If you don't like it, why don't you fork it

      It's called Pale Moon. You should check it out :)

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
  11. Re:can we please by LichtSpektren · · Score: 3, Informative

    That's probably going to drop a bit if they break all the add-ons.

    (Again...)

    My interpretation of Mozilla's plans is that they plan to gradually deprecate XUL in order to give time for developers to keep their extensions working with every version of Firefox. So it's not as if they're all going to break overnight. Some will break and won't get fixed if they're not maintained, but that happens on every platform.

  12. Re:Whoops by chefmonkey · · Score: 3, Insightful

    Ah, I follow your logic: "Whoa. Firefox is now better in performance and memory footprint than Chrome. But it has THE EXACT SAME ADD-ON SIGNING POLICY AS CHROME, so... you know... fuck it. I'll stay on the worse browser."

  13. Re:Whoops by chefmonkey · · Score: 3, Informative

    Replying to myself, because I realize this isn't entirely accurate: Firefox lets you host your (signed) add-on on your own site if you want. Chrome absolutely requires you to download it from Google servers.

  14. Some Issues Around Mandatory Signatures by Anonymous Coward · · Score: 2, Insightful

    The largest problem with mandatory signing is that you must send your source-code to mozilla to be signed and they do not (and really, can not) guarantee that it won't leak out to someone else. So if you have an in-house developed extension that contains proprietary business information, you must choose between getting it signed or running versions of firefox that do not receive regular security updates and do not have signature checking for any extensions at all, so are basically the worst of both worlds. They could avoid this problem with one level of abstraction, you sign your own extension then they sign that signature. They could even automate it so the extra layer of indirection is invisible to anyone who is OK with sending their source to mozilla for signing.

    But even that's brittle in the face of unexpected circumstances. Which is the fundamental problem with the "everything not explicitly allowed is forbidden" security models. They have their place, but they do take the "general" out of "general computing." Unforeseen consequences and all that.

    The correct solution would be to have a signature checking config setting stored somewhere that is writeable only by an administrator account. All the major OSes have that kind of ability.

    The firefox executable is also admin writeable, so if someone were inclined they could run a binary patcher to hack out the signature checking in the binary itself. Might as well just put it in a config setting with the equivalent permissions. Save us all the trouble of having different builds.

    I'd even go one step further and make it a list of extensions that don't need a valid signature so you don't give up the benefits of signature checking for all the other extensions just because you want to run one unsigned extension.

  15. Electrolysis Meh. by CrashNBrn · · Score: 2

    Splitting Firefox's tab data over into the "plugin container for Firefox" hasn't done much to improve Firefox's GUI performance. Once FF hits certain ram limits, it will start ignoring mouse clicks and keyboard shortcuts. So while FF may claim it's NOT unresponsive, I think the fact that now it's acceptable for FF to IGNORE hardware input from the user, instead of delaying it until it can process is far worse.

    I can't wait to get off this sinking ship. Maybe Piro could crowdfund Tree Style Tab for Chrome.

  16. Re:Enterprise users last remaining users... by LichtSpektren · · Score: 2

    Sorry for the double post, but see here: https://wiki.mozilla.org/Add-o...

    "How will the unbranded versions of Firefox work?

    They work just like Firefox, with two differences: they will have a setting to disable mandatory signature checks, and they will not have the Firefox name and logo (instead using a generic name and logo). These builds are available in the en-US locale only."

  17. Re:can we please by LichtSpektren · · Score: 3, Informative

    What if add-ons don't sign? Can we still "force" them in?

    See here: https://wiki.mozilla.org/Add-o...

  18. Firefox ESR allows turning it off by tepples · · Score: 4, Informative

    They could avoid this problem with one level of abstraction, you sign your own extension then they sign that signature.

    Mozilla won't blindly countersign extensions because it wants to avoid a situation where you sign an extension and then distribute it to the public without Mozilla having a chance to check it for the most obvious malicious patterns.

    The correct solution would be to have a signature checking config setting stored somewhere that is writeable only by an administrator account.

    Firefox ESR releases have such a setting. Firefox current lacks this setting because Mozilla wants to avoid a situation where it becomes common to social-engineer users into elevating to change this setting. Home users are more likely to use Firefox current, but they're also less likely to need an in-house private extension. Home users who make their own extensions can use Firefox Developer Edition.

  19. Use Firefox trademark against binary patchers by tepples · · Score: 2

    Checking for the most common patterns just means people will find less common patterns. It isn't hard to avoid with trivial obfuscation.

    Obfuscation kicks an extension into the manual review queue.

    Mozilla is not capable of hand-inspecting add-ons to that level of certainty, they either automate signatures or they take way too long.

    Mozilla automates signatures for easy cases and admits to "tak[ing] way too long" for hard cases.

    Someone that naive can be social-engineered into running a binary patcher too.

    There exist both branded builds and unbranded builds. Unbranded builds allow use of unsigned extensions but lack the Firefox name and logo. This gives Mozilla a hook to sue the distributor of such a binary patcher for trademark infringement.

    Make it warn at every startup before the add-on is initialized that they are using a questionable add-on.

    Or provide a separate way to install unsigned extensions in such a way that they're automatically uninstalled when Firefox is restarted. This appears to be the current policy, implemented through about:debugging.

  20. Re:Enterprise users last remaining users... by The-Ixian · · Score: 2

    I just don't see the supposed performance issues with FF.

    FF is my daily driver though I have IE, Edge, Opera and Chrome also installed on my computer. I use them all for various purposes (Chrome for chromecast, Opera for side project work, IE and Edge for work and FF for personal/everything else) and I just don't see any performance differences. If there are, they are measured in time increments imperceptible to me.

    --
    My eyes reflect the stars and a smile lights up my face.
  21. Re:Mandatory signing by tepples · · Score: 2

    I have a bunch of old extensions that are not signed. [...] I sometimes like to edit extensions

    If an extension is licensed for redistribution, you can solve cases 1 and 2 by submitting it to AMO as an unlisted extension.

    Some extensions have code that can't be given to Mozilla for verification because the code is proprietary.

    Organizations with in-house extensions experiencing case 3 can use Firefox ESR.

  22. Re:Whoops by Anonymous Coward · · Score: 2, Informative

    And even that misses the point, I think. Until now, Firefox also let you write and deploy your own unsigned add-on, even if you don't host it anywhere. There are businesses who have created Firefox add-ons specific to their corporate intranet. These add-ons are only used inside the company, they aren't hosted anywhere, no one wants them to be hosted anywhere. And more specifically, no one wants to submit their corporate property / business logic / trade secrets to Mozilla to be blessed with an unnecessary seal of approval.

    This is now no longer possible unless you install a nightly FF build on every employee's computer.

  23. Switch browsers...best option by HBI · · Score: 2, Insightful

    FF has not been listening to the user for a long time. You can just use a fork. There are a few out there.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  24. Re:can we please by chefmonkey · · Score: 3, Informative

    Alternately, you can grab the add-on and push it to the add-ons server for signing yourself -- it's all automated. The point of signing is that it allows Mozilla to shut off malicious add-ons when they arise. As mentioned elsewhere, all add-ons hosted on Mozilla's servers have already been signed, so you'd only have to do this if you found some unmaintained add-on lying around elsewhere on the web. To be honest, that sounds kind of fishy, so I'd proceed with caution.

  25. Thus, sandboxing by cbhacking · · Score: 3, Informative

    While what you say is true on some level - a compromised process can dick with your system, including other processes, just fine - you're missing the point of having a multi-process browser for security. The vast majority of what a browser does requires almost no access to the rest of the computer. You can have one container process that runs with user privileges and implements the few things the browser needs to be able to do to the system at large (save downloaded files, etc.) in a very secure manner, and is also responsible for launching sandboxed, low-privilege sub-processes that do the dangerous work of a browser (parsing web server responses, running plugins, executing javascript, etc.). If these sandboxed processes are compromised, the attacker can still fuck with your browser... but they can't get out into the rest of your system.

    This is how Chrome and IE have worked for years (though Chrome's sandbox is a lot tighter than IE's). It's not just about stability/reliability, there's also a very real element of security here. Chrome's sandboxed render processes are so underprivileged that there's practically nothing a compromised one can do (to the rest of the computer) except try to attack its full-user-privilege container / broker process (through the IPC channels that let it do things like say "Please ask the user where they want to save this downloaded file"), but that is a very small attack surface compared to most of what a browser does, and the trusted process can have that attack surface very well-hardened.

    --
    There's no place I could be, since I've found Serenity...
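
An added example of the broker side of the model described in the comment above (not part of the original post, and not Chrome's or Firefox's IPC code): the full-privilege process treats every message from a sandboxed content process as untrusted and accepts only a small, strictly validated set of requests. The operation name, fields, limits and download directory are hypothetical.

```javascript
// Added example: broker-side validation of requests arriving from a sandboxed
// content process. Names and limits are hypothetical; the point is how small
// and strict the broker's exposed surface can be made.

const DOWNLOAD_DIR = "/home/user/Downloads"; // assumption: set by the broker, never by the child
const MAX_MESSAGE_CHARS = 4096;
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._ -]{0,127}$/;

// A Map, not a plain object, so "__proto__" or "constructor" never resolves
// to an inherited property that could be mistaken for a handler.
const HANDLERS = new Map([
  ["saveDownload", {
    fields: ["op", "suggestedName", "size"],
    run(msg) {
      const name = msg.suggestedName;
      if (typeof name !== "string" || !SAFE_NAME.test(name) || name.includes("..")) {
        throw new Error("rejected file name");
      }
      if (!Number.isSafeInteger(msg.size) || msg.size < 0) {
        throw new Error("rejected size");
      }
      // The broker builds the path itself and would still confirm it with the user.
      return { action: "promptSaveAs", path: DOWNLOAD_DIR + "/" + name };
    },
  }],
]);

function brokerHandle(raw) {
  const deny = (reason) => ({ ok: false, reason });
  if (typeof raw !== "string" || raw.length > MAX_MESSAGE_CHARS) return deny("bad framing");
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (err) {
    return deny("not JSON");
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) return deny("not an object");
  const handler = HANDLERS.get(msg.op);
  if (!handler) return deny("unknown operation");
  // Reject anything the operation does not define instead of ignoring it.
  const extra = Object.keys(msg).filter((k) => !handler.fields.includes(k));
  if (extra.length > 0) return deny("unexpected field");
  try {
    return { ok: true, result: handler.run(msg) };
  } catch (err) {
    return deny(err.message);
  }
}

// Constructed messages, one well-formed and four that the broker must refuse.
const SAMPLE_MESSAGES = [
  '{"op":"saveDownload","suggestedName":"report.pdf","size":1024}',
  '{"op":"saveDownload","suggestedName":"../../.ssh/authorized_keys","size":10}',
  '{"op":"readFile","path":"/etc/passwd"}',
  '{"op":"__proto__"}',
  '{"op":"saveDownload","suggestedName":"a.txt","size":1,"dir":"/tmp"}',
];

for (const m of SAMPLE_MESSAGES) console.log(JSON.stringify(brokerHandle(m)));
```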