Today, Mozilla Corp announced the general availability of Firefox 48, an update that will include new security and developer features that can take advantage of multi-process support and add-on signing. Although only a few users will initially receive the multi-process advantage with this update, Mozilla will be rolling out the change to more as time goes on until the full release with Firefox 49 on September 13, 2016.

The roll-out of multi-process support for Firefox 48 and 49

The multi-process support in Firefox is part of an update announced last year known as Electrolysis (or e10s) and it will enable the web browser to separate its main process from content viewed. As a result, it allows a page to crash without taking the entire browser with it. A common problem when a script or Flash application crashes is that the entire browser then freezes or is terminated.

Looks like I’m not part of the 1 percent. (Of course, I also have some add-ons so I would not have been chosen for the roll-out most likely.)

The roll-out of e10s will be slow with only 1 percent of all users with no add-ons, after an initial period of data collection Mozilla would then roll out the change to 100 percent of those users (approximately half of all Firefox users). All users will enjoy the new mutli-process support on September 13, 2016 with the release of Firefox 49.

Enhanced protection against harmful add-ons in Firefox 48

The release of update 48 also includes expanded protection that adds two additional categories for downloads: potentially unwanted software and uncommon downloads. This builds on Google’s expansion of their Safe Browsing service.

The first category, potentially unwanted software, flags downloads that make unexpected changes to a user’s computer. As a result, warnings will appear when the software intends to make changes and has been downloaded, adding an extra nag, but also potentially a layer of “Are you sure?” for less sophisticated users.

The second category, uncommon downloads, attempts to determine not just that a file may be unwanted or dangerous, but that it is not commonly downloaded and therefore there is little information about it. The purpose of this warning is to draw users’ attention to the fact that they may be downloading something they did not intend to download. For example, this warning might pop up if a user is about to download a Trojan designed to appear to be commonly downloaded software.

For users, add-on signing will become mandatory. This means that Firefox will prevent users from installing add-ons that have not been authenticated and signed by Mozilla staff (similar to a system already in action in Chrome). This design decision may cause a controversy in the user base because, up until this release, users were able to install any add-on they liked. Those days are now numbered.

Certainly forcing add-ons to have a Mozilla signature increases the security of installed add-ons, but it also limits the usability of Firefox for power users who want to install and use add-ons that otherwise have not been checked by the Mozilla staff.

The mandatory add-on signing was introduced in Firefox 41 Nightly, announced originally back in 2015 for deploy in Firefox 42 Stable, but was delayed several times until Firefox 46 Stable. At the time an option became available in “about:config” that allowed users to turn it off. That option will no longer be available starting in today’s release of Firefox 48.

Mozilla Developer Network resources

Firefox 48 is based on Gecko 48, Mozilla’s web rendering engine, and is in the process of shipping. Nightly builds that will become Firefox 48 are currently available on the Beta release channel for developers.

Overall changes that affect developers include modifications to developer tools, HTML rendering, CSS rendering and new APIs for Javascript and DOM/HTML DOM.

The biggest changes that affect developers are the additions of new tools to the Developer toolkit including an HTTP log inspection tool for the Web Console, the DOM inspector, adding a Firebug theme and enables the Font inspector by default (again).

The experimental technology Web Crypto API has also been added to Web Workers enabling the ability to do built-in cryptographic functions in the background. This is a basic interface that allows interaction with crypto primitives for producing keys, hashes, wrapping/signing keys, encryption, decryption and signing.

The full list of changes in Firefox 48 as pertains to developers can be read in the Release Notes.

photo credit: Fox via photopin (license)