Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News 64-bit Firefox for Windows in Firefox 43

64-bit Firefox for Windows in Firefox 43

This item in japanese

Mozilla has released 64-bit Firefox for Windows, along with many changes for web developers in Firefox 43.

As reported by InfoQ in March of this year, a 64-bit Firefox aims to give users "rich, desktop-quality app experiences in the browser." For game developers, 64 bits means the difference between a 2GB heap size, and a 512mb heap in a 32-bit browser when porting to asm.js. This can determine whether a game will run in a browser.

InfoQ reported In October this year that Mozilla plans the end of NPAPI in Firefox by the end of 2016. A 20 year-old technology, NPAPI (Netscape Plugin API) has drawn criticism from Google that it is a “leading cause of hangs, crashes, security incidents, and code complexity.”

Mark Mayo, senior vice president for Firefox, in the post Firefox 64-bit for Windows Available, warns:

Firefox 64-bit for Windows, by design, has limited support for plugins and users will notice that certain sites requiring plugins that worked in previous 32-bit versions of Firefox might not work in this 64-bit version.

In the blog post Firefox Gives You More Control Over Your Data in Private Browsing Mozilla also report changes to their Tracking Protection, with users able to now choose between "basic" and "strict" protection levels.

While basic blocks "many ad, analytics and social trackers," the strict level "will block additional content trackers such as those often found in video, photo and embeddable content." However, Mozilla warn of cases where some sites are not working properly "and in some cases being unusable."

Firefox 43 also resolves two critical vulnerabilities in the browser; 2015-149 "Cross-site reading attack through data and view-source URIs," and 2015-148 "Privilege escalation vulnerabilities in WebExtension APIs."

2015-149 details a mechanism that violates same-origin policy to content using data: and view-soure: URIs to confuse protections and bypass restrictions. According to Mozilla "This resulted in the ability to read data from cross-site URLs and local files."

In issue 2015-148 the privileges of a particular WebExtension "could allow arbitrary web content to execute code" with API calls. Mozilla say that in some cases "this could result in personal information theft and cross-site scripting (XSS) attacks."

Among the changes for developers in Firefox 43 are ES2016 methods Array.prototype.includes() and TypedArray.prototype.includes() enabled by default, a new IndexedDB feature called locale-aware sorting, allowing for the creation of indexes with a locale specified, and messages sent from the server now displaying in the web console.

For a full list of updates, visit Firefox 43 for developers.

Rate this Article