Firefox vs Chrome: Browse Against the Machine

Looks like Firefox is going to war with Chrome:

https://medium.com/the-official-unofficial-firefox-blog/browse-against-the-machine-e793c0fee917

 

While I've never liked Firefox, he does make some valid points.

 

It's very simple, FF has got to develop their new browsing engine as fast as possible, because it can't compete with Chrome's Blink. They also need to offer more power user features (better bookmarks manager) out of the box, without overwhelming users who don't care about this. I think Vivaldi has managed to do this. I also wonder if they manage to keep FF lean when it comes to RAM usage, because that's the main reason I can't switch to Chrome based browsers.

 

Fair enough...

 

Seriously, most of the time I have about 30 to 50 tabs open, no problem with FF and Opera 12. With Chrome and Vivaldi it's a disaster. I wonder if they can manage to keep FF lean when they implement the multi-process (with sandbox) architecture.

 

BTW, Mozilla's former Chief Technology Officer says that Chrome has already won the war:

https://andreasgal.com/2017/05/25/chrome-won/

 

Using multiple processes requires more memory. I prefer using a seperate process for each tab as it is more stable.

 

The 2017 pwn2own results.

Firefox hadn't even been entered the last few years because it's been considered too easy to hack so they've made improvements on security to have been hacked only once. This years event was run and sponsored by Trend Micro.

https://www.ghacks.net/2017/03/17/pwn2own-2017-windows-ubuntu-edge-safari-firefox-exploited/

Analysis
Three of the four product categories of the Pwn2Own 2017 gathering are interesting to computer users.

On the operating system side, Windows, Mac OS X and Ubuntu Desktop were exploited successfully.

On the browser side, Microsoft Edge, Firefox, and Safari were exploited successfully. The one attack attempt against Chrome failed, and a second attack against Firefox failed as well. Both Edge and Safari were exploited multiple times.

On the application side, Adobe's Flash Player and Reader products were exploited successfully multiple times.

It is surprising that the most secure browser, according to Microsoft, was exploited successfully several times.

As far as browsers go, Chrome was the only browser not exploited successfully. Please note that Chromium-based browsers like Vivaldi or Opera were not part of the product range that teams could attack this year.

 

I am wondering about the same issue.
I hope Firefox won't become another Chrome-clone; among the many ones.

 

Then they will definitely not win the war. I would focus on keeping the browser lean and mean, and websites should load blazingly fast.

The new multi-process/sandbox feature will make FF less easy to hack.

To be honest, never had any stability problems with Opera 12 which is a single-process browser. But multi-process is of course more secure.

 

Of the 5 reasons mentioned another is glaringly absent: the massive variety of extensions Firefox used to have which is now disappearing.

 

When I was using a singe process browser, I would find that when my computer was running low on RAM (I'd often have 40 or 50 tabs open), the browser would become likely to crash. However, at the moment I've had 360 Extreme Explorer (Chrome based) open for about 100 hours now, with no issues at all.

 

I can't see why I should have more than one browser (considering that edge can't be uninstalled). When Chrome first appeared, it forced all other browsers to innovate, that's how the state of the art in technology is implemented. I use Chrome for my Win 10 machines, and Firefox for Vista as Chrome does not support Vista anymore...

 

Yes, Opera 12 did sometimes crash, but I think it also depended on the websites, it almost never crashed anymore when I started to use a script-blocker.

In the future, all of the big browsers will be able to use the same extensions. I also think that extensions can be a huge risk, it's best to run only a couple of trusted ones.

 

I believe Firefox can only gain market share, if they market themselves as a privacy and security aware browser. And they need to make sure all or most sites work correctly. Only then they can fight back against crappy Chrome.

https://andreasgal.com/2017/07/19/firefox-marketshare-revisited/

 

Until FF complete the implementation of a decent sandbox, i wont put a cent on them. (i voluntarily discarded any mention of the use of a 3rd party sandbox in that comment).

 

Well, it's on its way. I tested Firefox Nightly 56.0a1 on Linux. Level 3 is enabled which confirms what's written here.

Besides, the sandbox is only one aspect (but surely an important one). Another important aspect is that more and more parts of the Firefox code are being replaced by code written in Rust within the Quantum project (Quantum is already in FF 55, and Quantum CSS is in FF 57 but still disabled by default). And this is probably more significant than most people think: Federico Mena Quintero, one of the co-founders of the Gnome project, said on the Guadec conference that he's no longer convinced of the C language and recommends Rust particularly for parsers. He is the maintainer of Librsvg which is used for rendering SVG files. Last year he started to rewrite parts of the code in Rust - and finally arrived at a point where he began rewriting the whole code as he got so convinced of Rust. While porting the code to Rust he found many errors in the C code like buffer overruns which hadn't caught anybody's eye - although that code had been written by some of the best C programmers in the Gnome project. Most of these errors simply wouldn't have been possible with Rust as Quintero demonstrated with several examples. The Google employee and security researcher Matthew Garrett who also attended that conference called that "compelling".

And while this presentation had nothing to do with Firefox, it demonstrates how much safer code written in Rust can be. Firefox will benefit more and more from this in the coming months and years.

 

@summerheat good to know that level 3 is enabled ! i was waiting for it. im only on beta 55 , is it enabled by default?
FF being rewrote from scratch in Rust would be indeed a good thing.

 

Both of those browsers are just cogs in the giant, adware/data gathering/tracking machine.

 

Firefox? Why?

 

we have to wait when (not: if) windows 10 is breaking firefox sandbox like chrome sandbox - complete fail. (both x64 builds of the browser)
but still no CFG for firefox in sight.

 

Yes, it is. It's also confirmed on that wiki site for trunk for all platforms (Windows, OSX, Linux).

 

cool thanks.

 

At least Firefox is much more tamable than any other browser - the more so in the future once all Tor browser patches will be implemented.

 

Perhaps, we'll see I guess.
I just look at the things they do and don't do. Bearing in mind they have the resources to have teams of programmers working on it.
For example, remember all the problems with TLS, MITM attacks over the past few years ?
The ONLY ONE in the entire civilized world who did anything about it, was Steve Gibson.
Not Google, not Microsoft, Not Mozilla none of them.
Steve Gibson showed how it is impossible for MITM to spoof a TLS cert fingerprint. He used his T3 internet pipe to set up a server that would show you the true fingerprint of any website cert.
You compare that fingerprint with the one your browser received when you connected to that site.
If they are different you are currently the target of a MITM attack.
Did anyone notice what Mozilla did ?
You think for one minute they would set up their own fingerprint server and implement Steve's system as browser functionality, no, of course they didn't. What they did was, they removed the functionality from Firefox that allowed you to view the cert of the websites you visit. The only available known way to protect from MITM attacks and they removed it.
Sure they put it back later, they had to, they came under so much pressure to do so. But what counts is their Intent.
That's just one example. I could go on and on about all this stuff. They are all in it together, all the big tech corps.