Mozilla Hacks: Introducing Aurora 9

Hot!!
Check out some features and fixes for the upcoming release of Firefox 9.

Introducing Aurora 9 - Mozilla Hacks

 

Honestly not a lot there impresses me. Of course the ever important javascript speeds have been ramped up, but other than that, whatever I guess.

 

I'm not that impressed either. I'd wish that by version 9 (Why not 8, right? lol) users would already have a "Protected Mode", etc.

What the heck are they waiting for?

 

I think too many security improvements would require almost a re-write of the browser. I have no idea how easy/difficult it would be to have a Protected Mode.

 

Well, I can't say that's an excuse for Firefox not to provide the needed isolation.
And, it's not like they didn't have time to rethink their browser. Windows Vista came out in 2006, if I am not mistaken. We're nearly in 2012, right? That's about 6 years. What were they doing in these 6 years? Playing chess?

As you've said in another thread, rather than trying to mimic other browsers in the certain aspects, they should mimic in the security aspects. It would be no shame.

I've said it once, and I'll say it again - Mozilla can't hide forever behind security extensions.

 

They did the same thing IE did for years, enjoy their time at the top and not worry about improvements too much. Only when Firefox was a really big threat did IE start to become more secure and truly be a "better" browser. Now Chrome shows up, and is giving everyone a run for their money, and Mozilla gets worried and starts to "improve". Improve, however, is in the eye of the beholder. I mostly see copying and slight speed improvement.

Chrome has it's own problems now with its extensions. The sandbox is intact, but your own extensions can nail you. Mozilla can only go so far, again, without totally re-writing Firefox likely. I doubt there is any way to incorporate the sandbox ability Chrome has into Firefox without totally building Firefox from the ground up again. Maybe I'm wrong.

 

You're right about the extensions, but extensions are not mandatory. People use them, if they want to use them. People wanted extensions, Google "gave" them extensions. It's like Do you want guns? Well... there you go...

Anyway, I don't think it would require that much (much being relative) to implement a sandbox in Firefox.
I don't think it took Adobe that "much" to implement Adobe (Acrobat) Reader's sandbox. I think they started discussing it around May/July 2010, if I'm not mistaken. I think I remember some Adobe's blog article about it.

As an example, applying an explicit low integrity level to Adobe Reader 9 would break it. But, I believe most, if not all, of Firefox settings, etc work fine. So, I don't think it would require a lot of work. But, like you I'm not sure.

 

I'd have to look further into it, but I don't think Adobe's sandbox is on the same level as Chrome's. Chrome was built from the start with all of these security implementations, I think it would be more difficult to do everything Chrome does without doing some major code surgery. If I'm wrong, then I join you in asking what they are waiting for. The security situation is not going to get any better, so there's no time like the present to drop all the duct tape and band-aids for every security issue, and start building things with security as the first thought.

 

Adobe's was built with help by Google so we can expect they use similar if not the same methods.

Yes, it would be difficult to sandbox a program like Firefox the way Chrome does. They've only mentioned doing so in the far future.

And yes, I agree, their security isn't going to improve any time soon. Hell with all of these radical changes you can expect more bugs and more exploits.

 

So mainly website code rendering changes.

 

You guys should check these:

https://wiki.mozilla.org/Electrolysis
https://wiki.mozilla.org/Mozilla_2/Protected_mode
https://wiki.mozilla.org/Security/ProcessIsolation

 

None of those say anything about version 9.

 

Yeah, I don't think even Mozilla knows when Electrolysis will be ready. I also think these features were most discussed before the sudden change over to a rapid release and other changes. There's no telling when or even if we'll see any of this in the near future.

 

From those links:

So do not expect this for AT LEAST 6 months. If they've even put together the team it'll be easily 6 months.

 

Wasn't electrolysis announced years ago?

 

Maybe, but they are apparently having so many problems, mainly because they are trying to keep it backwards compatible. I'm concluding that coding a new Firefox from scratch would have been faster. :sigh:

 

It's been at least since 2009 (the last edited date for all three of the above mentioned wikis). Again, I think they went into "Gotta fight Chrome" mode, and either dropped completely or set these features aside for whenever the "more important" stuff got settled. The 6 months timeline from that wiki was, as said, from 2009, so obviously we can't go on that any longer.

Backwards compatibility isn't something I personally see a need for with Firefox. Internet Explorer was a different case, as there were/are many system apps that require it. I've yet to see this happen with Firefox. If they're going to continue developing the way they recently chose to, then it's my opinion they should just dump the idea of backwards compatibility, and force the updates on people like Chrome.

I'm with Searching, if they are actually serious about these features and are dead set on backwards compatibility, it would have, in the long run, been easier to just re-write or do major surgery on Firefox to provide the ability to have them. Otherwise, they should hop to it and just get it done, compatibility be damned.