Firefox 3.6.4 Released With Out-of-Process Plugins 261
Posted
by
kdawson
from the bye-bye-crash dept.
from the bye-bye-crash dept.
DragonHawk writes "Mozilla Firefox 3.6.4 went to general release today. The big new feature in this release is out-of-process plugins (OOPP). This means things like Flash, Java, QuickTime, etc., all run in separate processes, so when Flash decides to crash, it won't take your browser out with it. If Flash starts consuming all the CPU it can find, you can kill it without nuking your browser session. I've been using this feature since it was in the 'nightly build' stage, and it was still more stable than 3.6.3, just because Flash was isolated." And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."
UI Lag (Score:5, Insightful)
now can we do something about the rest of the awful browser?
Open 20 tabs and the entire thing chugs to a grinding halt as only one (1) of my four (4) processor cores gets maxed out. So much for the "multithreading" everybody says that Firefox.
The same list of 20 tabs peg all my cores to 100% for a few seconds and then they're all done rendering, when I'm using Chrome. No thanks Firefox. You guys are ancientsauce.
Re:UI Lag (Score:1, Insightful)
Lets face it, a good browser wouldn't require those things to be done in order to browser decently.
Now, I use Firefox, but only because I hate the lack of customization on Chrome, don't like the proprietary-ness of Opera, run Linux so can't really use Safari, and obscure WebKit/Gecko browsers usually don't have needed plugins like AdBlock and manytimes don't have enough customization.
Is it too much to ask for Chrome's rendering engine with Firefox's UI only if it was a bit faster?
Re:UI Lag (Score:5, Insightful)
Don't forget the ponies!
Re:Opera! (Score:5, Insightful)
However it it was really all that, it would have a much larger fan base.
Popularity != better. Since IE has the largest fan base, you're saying that IE is the browser that is "all that?"
Just because they have had something for a while now, does not mean that Firefox, which is a far more popular browser, getting it is not a big deal.
Sure it's a big deal. Although it would have been a bigger deal if they were the first on the block to have gotten it.
Opera people always crack me up.
FF fanbois always crack me up. Do you people ever get tired of the pissing contest? Ever? And by the way, I am typing this in Konqueror. Suits my needs well enough.
Privilege separation, anyone? (Score:5, Insightful)
Ok, now that we're able to put flash code in a separate proc, my question is: can we cut it's privileges so another (monthly) "zero-day vulnerability" will finally become just a tale to scare little children?
Strangely enough, with all the concern about flash security, article seem to miss that point.
Re:Opera! (Score:4, Insightful)
All other things being equal, the better software should be more popular. Why wouldn't that be the case?
Arguably, IE's market share is no exception to that principle...IE has traditionally been "better" for the average person simply because it comes pre-loaded on the OS instead of them having to try to find a legitimate download site. And it seems to me to be quite difficult for most people to distinguish malware from legitimate freeware/shareware. [Side note, I don't actually agree that IE has the largest "fan base." ]
But Opera vs. Firefox or Chrome, where's the disadvantage? Why can't it gain traction? Instead of playing verbal sparring games and gotchas, consider pondering that issue.
Re:Privilege separation, anyone? (Score:3, Insightful)
You can, if you're willing to break enough sites... Flash commonly performs network access, raw graphics operations of various sort, file access, and a few other things like that which would have to be disallowed in a sandbox.
Re:Opera! (Score:3, Insightful)
Re:Great (Score:4, Insightful)
However processes use a lot more memory. Firefox uses way, way less memory than Chrome when you have a few tabs open.
Also, the browser should not crash. But if it does, it restore the session, but seriously, that rarely happens on Firefox (yeah, Chrome tabs crash all the time, but that's Chrome's fault... flamebait maybe but one could argue tab-process encourage buggy code since it's no big deal when a tab crashes)
The only things the browser does not have control over are plugins, and they're not in their own process, which is cool. Extensions are a more complex matter, I suppose they could still bring down everything with own process tabs.
I'm not sure the security added by sandboxing tabs into processes is worth the trouble right now. It's some kind of hack after all.
Re:First (Score:1, Insightful)
You know you're doing it wrong when you have 57 tabs open