Mozilla lights JavaScript fire under Firefox 18

Computerworld - Mozilla on Tuesday shipped its newest browser, Firefox 18, which sports a revamped JavaScript engine and support for Macs with Apple's higher-resolution Retina displays.

The open-source developer also patched 28 security vulnerabilities, more than two-thirds of them marked "critical," Mozilla's highest threat rating, and revoked digital certificates that were initially thought to be in the hands of cyber criminals.

At the top of Firefox 18's new feature list, however, was "IonMonkey," a new JavaScript JIT (just-in-time) compiler that renders complex JavaScript -- like that used by Web-based games or apps -- significantly faster than earlier engines.

Depending on the performance benchmark, IonMonkey speeds up Firefox's JavaScript rendering as much as 25%, Mozilla claimed today. That number was at the high end of a 7% to 26% speed-improvement range that the JIT compiler team cited last September when IonMonkey debuted in Firefox 18's "Nightlies," or roughest, build.

Other improvements in Firefox 18 included support for the high-resolution Retina screens used by Apple's MacBook Pro notebooks on OS X Lion and Mountain Lion, an option that lets users disable insecure content found on HTTPS-secured sites, and an opening round of support for WebRTC (for Web real-time communications), an in-development open-source API that adds browser-to-browser voice calls and video chat without requiring separate plug-ins.

WebRTC came from Google, which released its software as open source more than a year ago. Google's Chrome and Opera Software's Opera browser also support WebRTC.

Firefox 18 was missing one previously-promised addition, however: The integrated PDF viewer that was included in the browser's beta didn't make it into the final.

Mozilla also patched 28 vulnerabilities, 20 of them critical, with seven of the remaining labeled "high" and one pegged "moderate."

About a quarter of the bugs were reported by Abhishek Arya, who goes by the nickname "Inferno," of the Chrome security team, Mozilla said in an accompanying advisory. That makes two Firefox upgrades in a row where Arya has accounted for a significant chunk of the reported vulnerabilities Mozilla's patched.

Four of the eight flaws Arya reported to Mozilla were use-after-free vulnerabilities -- a type of memory management bug -- that Google's security engineers have become adept at finding in Chrome and other browsers.

Another five of the 28 flaws were reported by researchers working with HP TippingPoint's Zero Day Initiative (ZDI) bug-bounty program.

Mozilla also followed the lead set by Microsoft and Google last week, revoking a pair of digital certificates issued by a subsidiary of TurkTrust, a Turkish "certificate authority," or CA, in 2011.

"The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control," Mozilla stated in an advisory accompanying Firefox 18's release.

Estimates last week by Web metrics company Net Applications put Firefox's usage share at 19.2%. Irish measurement firm StatCounter, however, said Firefox's global share was a slightly higher 21.9%.

Windows, Mac and Linux editions of Firefox 18 can be downloaded manually from Mozilla's site, while already-installed copies will be upgraded automatically.

The next version of Firefox is scheduled to ship Feb. 19, 2013.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at  @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about Internet in Computerworld's Internet Topic Center.