BT

Firefox 34 Brings SSLv3 Security Fix, New HTML5 Implementations

| by James Chesters Follow 1 Followers on Dec 03, 2014. Estimated reading time: 3 minutes |

Mozilla has this week released Firefox 34, with notable features including SSLv3 disabled by default, WebIDE, and the implementation of ECMAScript 6 WeakSet.

The replacement for App Manager, WebIDE lets developers run and debug Firefox OS apps using the OS Simulator, or a physical Firefox OS device. In addition, it provides an editing environment for developing Firefox OS apps, and enables developers to connect the Firefox Developer Tools to other browsers, including Chrome on Android, and Safari on iOS.

WebIDE was reported on in more detail by Abel Avram for InfoQ earlier this year when it was available as part of the nightly builds. At the time, members of the Firefox community greeted Mozilla's announcement with mixed feelings.

In comments on Robert Nyman's blog post for Mozilla Hacks, some users were concerned that the addition would degrade performance in Firefox. A user going only by the name "Frustrated" commented

Why? This solves nothing and only adds issues. Yes, it’s cool. But what happened to Firefox’s original goal, which was to be a fast and functional browser? All these recent changes are making things worse.

Jeff Griffiths, product manager for Firefox Developer Tools, replied to criticisms, saying:

Firefox’s developer tools have almost no impact on browser performance unless they are open. The additional impact is mainly around download size, which is relatively small.

In other areas of the release were HTML5 implementations, including ECMAScript 6 WeakSetAccording to the Mozilla Developer Network, Weakset object lets developers store weakly held objects in a collection. The main differences from the Set object are that Weakset objects are collections only of objects, rather than of arbitrary values of any type, and that if there is no other reference to an object stored in the WeakSet, they can be garbage collected.

The following example is given of using the Weakset Object:

var ws = new WeakSet();
var obj = {};
var foo = {};

ws.add(window);
ws.add(obj);

ws.has(window); // true
ws.has(foo);    // false, foo has not been added to the set

ws.delete(window); // removes window from the set
ws.has(window);    // false, window has been removed

ws.clear(); // empty the whole WeakSet

In security updates, the 34 release addresses the POODLE SSL version 3.0 vulnerability. POODLE was identified in late September of this year, and potentially allowed hackers to extract private information from inside an encrypted transaction.

Since October, users have been able to use the SSL Version Control Firefox extension to disable SSLv3. While Mozilla reports that Firefox was only using SSLv3 for about 0.3% of HTTPS connections, Firefox 34 now has SSLv3 disabled by default. Firefox 35 promises to bring support for the generic TLS downgrade protection mechanism SCSV

Other notable features of Firefox 34 include the introduction of Firefox Hello -- a real-time video communication feature. 

Announcing the feature for the 34 Beta release, Chad Weiner -- director of product marketing at Mozilla -- says an advantage of Firefox Hello is that it doesn't require users to download any new software. Instead, Hello allows users to "connect with anyone who has a WebRTC-enabled browser", including Chrome and Opera, as well as Firefox.

Hello also provides users for the first time with contacts management, including the functionality to manual input contacts or import through a Google account. Firefox Hello is powered by the OpenTok platform.

A more complete list of what's new in Firefox 34 can be found in the release notes here.

Mozilla welcome newcomers who want to be part of the Firefox project, and there are many ways that InfoQ readers can contribute to Firefox. A full list of options is available on the Mozilla Developer Network where Mozilla also publish a number of How To guides

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT