
Firefox 12 released - aritraghosh007
http://blog.mozilla.org/blog/2012/04/24/firefox-introduces-a-simpler-update-process-and-more-than-85-improvements-to-developer-tools/
======
mmuro
I don't know how Mozilla came to the conclusion that their Web inspector is
actually usable.

The HTML doesn't appear when inspecting (no, that takes an extra click). The
CSS appears in an extra vertical sidebar taking up even more room on the
screen. You can't add a Console button, but 3D View is worthy?

I love Firefox, but this it's just plain odd they didn't integrate Firebug
into core.

~~~
padenot
In my Nightly (don't know about current release), I just have to click once on
the show html button, and if I inspect another page later, it brings the HTML
panel along.

I actually find the vertical CSS sidebar to be an excellent choice. CSS (and
code in general) is an inherently vertical thing (short line length), whereas
the number of rules displayed is maximized using a vertical panel. A console
button would maybe be a good idea, but I only use the keyboard shortcuts, so I
don't mind, this prevent reducing the visual clutter.

Firebug is a seriously old and not that sufficiently maintened code base,
hence the choice to write new tools, more integrated with the browser.

~~~
dangoor
Yes, the style inspector is vertical for exactly the reason you cite. We're
also working on a better solution so that it doesn't cause issues with
responsive designs.

Firebug is still actively maintained and continues to have new releases and
improvements. Firebug 1.10 (currently in alpha), for example, is now
restartless and has less impact on page performance.

------
melling
This is the one with a full silent update? Soon most people will be running
one version of Firefox? Chrome + Firefox means 40%-50% of the Internet is
getting a browser update every six weeks. This will be a boon for software
developers.

~~~
Silhouette
_Chrome + Firefox means 40%-50% of the Internet is getting a browser update
every six weeks. This will be a boon for software developers._

I never understand this argument.

All we have now is two different fast-moving targets, both with a track record
of introducing breaking changes. IME this just results in a significantly
higher number of customers complaining to our customer support team (not
Mozilla's or Google's) that our web pages/embedded UIs don't work properly any
more.

I have yet to be convinced that this obsession with releasing every six weeks
really gets useful features out there in a way that benefits most users
anyway. As far as I can tell, about 99% of the developers using those features
are people writing tech demos for the browser makers and/or trendy web design
blogs. Much of the content on those sites doesn't even work on both Gecko and
WebKit at the same time, never mind IE. Meanwhile, real sites still have to
cope with a majority of visitors who don't have the latest shiny new features.

In any case, a lot of those features frankly aren't all that beneficial anyway
compared to basic things like not freezing the entire browser UI because one
tab is taking a while to load. That is something Firefox still can't do even
though it's several years after every other major browser had it, and the
apologists are getting awfully boring now.

~~~
wickedchicken
> I have yet to be convinced that this obsession with releasing every six
> weeks really gets useful features out there in a way that benefits most
> users anyway.

Security updates.

~~~
Silhouette
If it takes six weeks to push a security update, you're doing it wrong.

This is part of the problem with the fast update cycle: People are now
conflating security updates (which should be out there ASAP and should make no
functional changes at all) with functionality updates (which are never
necessary unless you want to visit a site that uses a new feature or to use
some change in the UI, have a much higher risk of unintentionally or
intentionally breaking stuff that used to work, and certainly don't need to
happen 8-9 times every year in any case).

------
superxor
Obligatory release notes: <http://www.mozilla.org/en-
US/firefox/12.0/releasenotes/>

Complete list of changes: [http://www.mozilla.org/en-
US/firefox/12.0/releasenotes/bugli...](http://www.mozilla.org/en-
US/firefox/12.0/releasenotes/buglist.html)

------
jasonkester
Glad to see they've finally moved to silent updates. That's the feature that
lost me years ago, and as nice to see it finally make it, I don't think I'm
coming back from Chrome.

The problem with the "hey, before we're going to let you use Firefox, we need
to download a new version for you. Wait a few minutes" screen is that it stops
you dead from being able to do whatever you opened the browser to do. It's
jarring enough to make you avoid Firefox for anything except the times when
you absolutely need to test something on it.

That means you use it less often, which means that opening it _always_ puts
you through that annoying process. Every Single Time you use Firefox.

So over the years, they've trained me that "Firefox == Pain". It'll take them
a long time to train me back.

But I applaud them for finally trying.

------
shin_lao
They're installing a service that runs with elevated privileges to bypass UAC.

I don't think it's a good thing to install that kind of loophole on your PC.

~~~
zobzu
That's actually the right way to do it. How do you think Chromes does? Right,
they're installing in the user area, not in the application area, to bypass
UAC. That's wrong.

Using a service that uses authenticated connections and signed installs is
similar to what Windows Update does, for the right reasons.

Best would be that Windows Update would be open to let any app hook into it
for updates of course, but til then, that's as close as it gets.

~~~
Dylan16807
A service to handle updates is good. A service _per application_ to handle
updates is not very good.

Why is chrome bad? It at least can't lead to a system compromise.

~~~
zobzu
Why not?

Since Chrome is in the user area, guess what, anything compromising Chrome can
overwrite Chrome itself. It can then prompt you with UAC or simply have a user
space trojan. (heh, and it can't compromise Firefox if it's also installed)

An updater has a several magnitudes less code to audit (thousand, millions
magnitudes?).

In Firefox's case, if Firefox is compromised, it cannot modify itself (heh, it
can compromise Chrome if it's also installed)

~~~
huhtenberg
If Firefox is in UAC'd location, then a Firefox compromise would simply drop
an .exe or .dll into user's directory and set it up to be launched by Firefox.
As an add-on, for example, or through the same exploit it used to enter the
system.

In other words, the installation location doesn't really matter. If the
process is breached, the user context is f#cked regardless.

~~~
keeperofdakeys
In this case, its only the updater that runs privileged (which last time I
checked was a separate application). The only way you should be able to
'compromise' it would be too man in the middle, and pretend to be Mozilla
servers. Even then, if it used SSL (I'm not sure it does), and had an embedded
certificate, then it should be fine.

~~~
mbrubeck
Yes, the Firefox updater uses SSL and other mechanisms to prevent man-in-the-
middle attacks. The update payload itself is signed with a private key
controlled directly by Mozilla, to avoid vulnerability to CA compromises [1].
The connection to the update server uses SSL and performs additional checks to
ensure not only that the SSL certificate is valid, but that it matches one of
a small list of known certs or issuers, so a bad CA can't issue a forged
certificate [2][3].

[1]:
[https://wiki.mozilla.org/Security/Reviews/Firefox10/SilentUp...](https://wiki.mozilla.org/Security/Reviews/Firefox10/SilentUp..).

[2]: <https://bugzilla.mozilla.org/show_bug.cgi?id=544442#c24>

[3]: <https://bugzilla.mozilla.org/show_bug.cgi?id=583678>

------
eps
Anyone else noticed a _significant_ improvement in overall responsiveness or
am I seeing things?

~~~
jmathai
I've been using Nightly for a few weeks and definitely noticed. It's been
about as fast as Chrome which used to be way faster.

~~~
cpeterso
I've been using Nightly for months now and it is surprisingly stable.

------
typicalrunt
In case anyone opens their Firefox 11 client and it doesn't automatically
recognize there is an update available, you can go to Help -> About Firefox
and it will grab the update.

Wait for the download to finish, then click the "Apply Update" button and you
will be updated to Firefox 12.

~~~
cpeterso
I believe Mozilla sometimes "soft launches" auto-updates to a subset of
Firefox users to find any new issues before opening the flood gates to update
everyone. But, as you point out, manually checking for updates should always
find the latest version.

~~~
notatoad
I don't think the soft launch is so much for finding issues, it's just so
their download servers don't get slaughtered.

~~~
mcpherrinm
Beta and earlier users tend to be different in a lot of ways from regular
Firefox users. Soft launching surely helps the download servers, but a large
point is to watch for new crashes, so that any emergency fixes can be put in
before unthrottling the release.

Past issues include antiviruses that crash Firefox because of their invasive
monitoring. While ideally these things would be caught by QA or early adopter
users, there's no way to test all possible combinations of software.

------
smhinsey
It seems to have subtly broken TreeStyleTabs on OS X, which is a shame because
I am addicted to it, but at least it's still usable (the tabs take up ~150
pixels of vertical space). Hopefully this will resolve itself with a TST
update.

That said, wow, the OS X improvements are huge. Previously I could only force
quit if I wanted to shut down to free memory or whatever, but now it closes
normally. I'm also not seeing the same kind of memory usage, but it's early so
I'm not sure how long that will last.

~~~
rkudeshi
What part of Tree Style Tabs does it break?

I was about to upgrade, but TST is by far my most important extension (and the
number one reason I've never seriously considered switching to Chrome).

~~~
smhinsey
It's purely the visual component I mentioned, the functionality seems to be
okay, although it's reported as broken in the add-on manager. I have the tab
bar docked on the left vertically and the tabs are ~3x taller than they should
be.

I'm the same way about switching to Chrome, by the way. I would love to but I
just can't picture life without TST after so many years.

~~~
kissickas
I don't see the tabs taking up extra vertical space, although 3x the size
should absolutely be noticeable. I did, however, have a problem yesterday when
watching a fullscreen video: if I put my cursor on the left side of the
screen, the tab bar would appear (as though I had it set to auto-hide) and
obscure that portion of the video. It was quite annoying because the sensitive
areas extended all of the way to the top left of my screen, where I have a
"corner" set up on my Mac to disable the screen saver.

~~~
smhinsey
Ah, you know what, I just figured out what the issue was. I was using the
"metal" TST skin and when I switched it to another one, the 150px-tall-tab
problem went away.

------
bnr
I still have my fingers crossed for Electrolysis (out of process
tabs/sandboxing) to ship before Firefox 30.

~~~
zobzu
It ain't going to happen until they rewrite Gecko in rust. But there might be
things that are close enough to it.

~~~
sanxiyn
No, Electrolysis is unrelated to Rust. <https://wiki.mozilla.org/Electrolysis>

A big problem for Gecko which does not exist for WebKit is XUL extensions. If
you think about it, XUL extensions must run in UI process (unlike Chrome
extensions), but XUL extensions can also access web content which lives in web
process. It is nearly impossible to make this 100% compatible...

~~~
RDeckard
I thought most Mozilla software was internally based on XPCOM. Then why can't
they just proxy the interface calls to go to a different process via standard
IPC mechanisms? (I've no knowledge of XUL extension model thou)

~~~
sanxiyn
They can and they do. It is called CPOW(Cross-Process Object Wrapper).
<https://wiki.mozilla.org/Electrolysis/CPOW>

The issue is that extensions expect to access web content synchronously, so
you need synchronous IPC for perfect compatibility, but that causes your UI
process to block on your web process.

------
Derbasti
Will there be a Lion fullscreen-mode and Lion-style floating scrollbars? That
would make my day!

Edit: Apparently, not so. A pity.

Does anyone know when we will see them?

~~~
mbrubeck
Lion fullscreen is coming in Firefox 14:
<https://bugzilla.mozilla.org/show_bug.cgi?id=639705>

You can use it today on the Nightly builds from <http://nightly.mozilla.org/>
or in a few days on the Aurora channel: <https://mozilla.org/firefox/aurora/>

Lion-style scrollbars are still in progress:
<https://bugzilla.mozilla.org/show_bug.cgi?id=636564>

You can test them on the UX branch:
[https://msujaws.wordpress.com/2012/03/15/mozillas-ux-
nightly...](https://msujaws.wordpress.com/2012/03/15/mozillas-ux-nightly-
build-of-firefox/)

~~~
Derbasti
So that's like, three months? Ok, not exactly the first ones on the field, but
good enough for me ;)

~~~
mbrubeck
Correct, Firefox 14 will be released in 12 weeks. (Or you'll get it in just 6
weeks if you switch to the beta channel!)

------
ComputerGuru
They haven't gotten rid of the "checking for compatibility updates" dialog -
which was the worst part of the Firefox upgrade process in the first place.

Until FF fixes their extension compatibility, stops breaking plugins with each
release, gets rid of version verification for all the popular plugins, and
finds a more streamlined way (non-modal, ffs!) of prompting you to
enable/disable extensions that are now broken or require more permissions,
they'll still be playing catchup to Chrome's autoupdate procedure.

~~~
zobzu
Well, they're playing catch up on that, that's for sure. But my understanding
is that they're adding the necessary features one by one. Next is silent
updates (=no dialogs). This one is just "no UAC prompt".

------
kijin
Updated both Firefox and Thunderbird today. As usual, no problems whatsoever.

On the other hand, I'm still waiting for the Thunderbird team to fix this:
<https://bugzilla.mozilla.org/show_bug.cgi?id=449299>

------
tomflack
Lion native full-screen mode: what's the difficulty stopping this?

~~~
potch
Nothing, actually! It's already in our Nightly builds, and will be appearing
in Aurora some time this week. You can grab Nightly at
<http://nightly.mozilla.org>

~~~
tomflack
Can you give us some insight in to the decision making process when
prioritizing feature additions then? It seems bizzare to me that it's taken
since the first developer preview in Feburary of 2011 to get the feature in to
merely the _nightlies_.

------
tvon
FWIW, the Web Inspector looked horrible until I switched to the default theme.

------
dfischer
We're going to have Firefox 50 in a year at this rate.

~~~
mbrubeck
Both Firefox and Chrome increment their version number every six weeks, so
it's easy to see that at this rate in a year we will have Chrome 26 and
Firefox 20. :)

