Mozilla ships Firefox 26 with opening click-to-play move
Wraps up 2-year 'MemShrink' project that reduced memory consumption and boosted browser performance
Computerworld - Mozilla on Tuesday released Firefox 26, which kicked off a limited form of click-to-play and patched 15 security vulnerabilities, six marked "critical."
Click-to-play -- a security feature that requires users to authorize the use of a plug-in when a website or page element requires it -- has been adopted by other browsers as protection against a rising tide of exploits that leverage bugs in plug-ins, particularly Adobe's Flash Player and Oracle's Java.
Google's Chrome, for example, has long offered click-to-play, although it has been turned off by default.
In January 2013, Mozilla announced it would require click-to-play for all installed plug-ins except for Flash, then later added the feature to developer and beta builds of Firefox 26.
But when the browser debuted Tuesday, only the Java plug-in was stuck behind the click-to-play wall; other plug-ins automatically ran. According to Mozilla, more testing was necessary before expanding click-to-play to all plug-ins.
"[And] in the coming weeks, we will announce details of a plug-in whitelist policy that will provide a path to exempt certain plug-ins and websites from our click-to-play policy," said Chad Weiner, Firefox product manager, in an email Wednesday. "We want to give developers time to react to the whitelist policy and provide feedback."
Firefox 26 also saw the wrap-up of "MemShrink," a two-year project to reduce the browser's memory footprint that focused on plugging "leaks" created when code doesn't properly release memory after a chore is completed. The leaked memory is never returned to the available pool, reducing what's available for other applications, or even for Firefox. Eventually, performance suffers.
Complaints about Firefox's memory usage have historically centered on the browser's habit of not releasing memory when tabs are closed.
In a post to his personal blog, Nicolas Nethercote, the developer who led MemShrink, said the project had been completed. Previously, Nethercote had touted a pair of final bug fixes that landed in Firefox 26 which curtailed memory usage spikes and improved load times of image-heavy pages.
Along with the debut of click-to-play and the wrap-up of MemShrink, Mozilla also tucked patches for 15 vulnerabilities into Firefox 26. A half-dozen of the fixes were tagged critical, Mozilla's most serious threat ranking.
Among the critical vulnerabilities were several "use-after-free" bugs, a type of memory management flaw. One of those was reported by Nils, a German researcher who goes only by his first name. Nils is a noted vulnerability researcher, half of a two-man team who won $100,000 in March for hacking Google's Chrome at the Pwn2Own contest.
Several other vulnerabilities were reported by researchers working for BlackBerry, the troubled Canadian smartphone maker. Last summer, Mozilla and BlackBerry began collaborating on security, with an emphasis on "fuzzing," a process that stress-tests code to locate bugs.
Windows, Mac and Linux editions of Firefox 26 can be downloaded from Mozilla's site; already installed copies will upgrade automatically. Users of Firefox for Android can retrieve the update from the Google Play store. The latter sports a new home screen and support for Bing and Yahoo as search choices in the U.S. and some countries of the European Union.
The next version of Firefox is scheduled to ship Feb. 4. The version after that -- Firefox 28 is slated to show up March 14 -- will be the first to sport the new user interface (UI), dubbed "Australis," that Mozilla has been working on since May 2012.
This article, Mozilla ships Firefox 26 with opening click-to-play move, was originally published at Computerworld.com.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- Now is the time to implement a video conference solution Video conferencing is getting a lot of buzz lately due to the recent cost decrease, making it tangible for many law firms. It's...
- Video drives engagement Achieving maximum results means building a solid platform and network infrastructure. As digital age unfolds, it's clear that the ability to communicate effectively...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Web Apps White Papers | Webcasts