Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript - oh, and 20 other security fixes

Filed Under: Featured, Firefox, Security threats

Firefox 18 has been released.

This month, there were 2917 bugs patched, with 21 security fixes.

Twelve of the security fixes were deemed critical.

There's also a brand-new JavaScript compiler (though it augments, rather than replaces, the old one), and full-on support for Retina displays on the groovier sorts of Mac.

New JavaScript compiler

The big-feature news, according to the Mozilla Foundation, is the official introduction of a new JavaScript engine, known as IonMonkey.

There have been lots of Monkeys in Mozilla's JavaScript stable, most recently TraceMonkey and JaegerMonkey. These have both offered what's known as Just In Time compilation, or JIT.

This is a feature that converts JavaScript code, which has traditionally been compiled to some kind of machine-independent internal representation and then interpreted, directly into machine code.

This can improve runtime performance greatly, albeit with potential security costs. (There's obviously a lot more to go wrong when you generate machine code and feed it directly into the CPU.)

But instead of converting an entire JavaScript module into machine code up front, as you might do with a standalone C/C++ program, a JIT compiler produces machine code chunks only when they're about to be executed for the first time.

This avoids lengthy startup delays, which can be annoying in an interactive environment like a browser, especially if you load a large JavaScript program but only end up using a tiny fraction of its features.

IonMonkey is supposed to improve the code optimisation habits of the JaegerMonkey JIT compiler, allowing it to generate code that's 25% faster, at least in carefully-chosen benchmarks showcased by Mozilla.

This new feature comes at a cost: complexity.

IonMonkey does more work preparing your code to run, so it only boosts overall speed for JavaScript that runs for a while, such as a game or a content viewer. JaegerMonkey has therefore been retained as well, and is still used for simpler-looking JavaScript programs.

TURKTRUST certificates distrusted

The security fix that will probably ring the most bells with Naked Security readers is the one that officially deals with the TURKTRUST SSL certificate blunder.

The code diff (the details of what was added to and removed from the source code itself, denoted by lines starting with plus and minus signs respectively) can be viewed online.

You will notice that it removes TURKTRUST's most recently issued root certificate (issued in 2007 and valid until 2017) altogether.

ff18-diff-500

Presuambly, when the dust has settled on this incident, TURKTRUST will mint a new root certificate and persuade the Mozilla team to re-adopt it as a bestower of trust.

Additionally, the two known wrongly-issued intermediate certificates that were generated by TURKTRUST back in 2011 are now recognised by Firefox and treated as explicitly distrusted. That means that any SSL certificates signed by those intermediate certificates simply won't work.

MacBook Pro Retina support

The really groovy thing, at least for readers who are as fortunate as I am, and who own a MacBook Pro with Retina display, is that Firefox 18 now directly supports the enhanced-resolution Retina modes.

The text in your Firefox browser window now really does look like a printed page.

(I told Chester. His response? "Meh." Ignore him. If you are a Retina-owning Firefox user, upgrade to Firefox 18 now for the HiDPI text rendering alone. It really is groovy.)

Built-in PDF viewer still turned off

Sadly, by default, you'll still officially need a plugin (or an external program) to read PDF files. Firefox's long-awaited built-in PDF viewer, known as pdf.js, hasn't yet gone live.

Of course, you can turn it on if you like, simply by visiting the URI about:config and changing the setting pdfjs.disabled from true to false.

I only had one disappointment in doing so, namely that when you're in the PDF viewer, the Retina display isn't properly supported.



In a HiDPI Retina mode, PDF text is blurrier than in the corresponding non-Retina mode, presumably because the display is trying to improve things with anti-aliasing but merely exaggerating the lower resolution of the content.

Still, you can't have everything.

I'll take print-quality sharpness on regular web pages, faster JavaScript and the numerous security fixes, and hope that Mozilla ramps up the built-in PDF viewer by the time it goes live by default.

Enjoy.

, , , , , , , , ,

You might like

3 Responses to Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript - oh, and 20 other security fixes

  1. Matt · 659 days ago

    I'm with Chester on this one :)

  2. Stan H. · 659 days ago

    I'm looking for a reason that Norton and Firefox are now incompatible, ever since Firefox 16 was available for the Mac. Norton has a dialog box that flashes to indicate it won't be able to support the Firefox browser and can't provide virus and firewall protections. I'm also looking to learn whether either of these two outfits are trying to work that problem out. My cable provider puts Norton up as a part of their full packaging, so I can't quite eliminate Norton from the picture.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog