Firefox 'Lorentz' arrives but with restrictions

Out-of-process plug-in rescuing goes public in Firefox 3.6.4, but only for Windows and Linux users.

Firefox 3.6.4 might not sound like a major update, but the latest version debuts an important new feature for Mozilla's browser. Code-named "Lorentz" and available for Windows and Linux, the update includes the highly-anticipated Out-of-Process Plug-in (OOPP) "sandboxing" feature that prevents specific plug-ins that crash from taking down the entire browser. In this initial implementation, OOPP will prevent Adobe Flash, Apple QuickTime, and Microsoft Silverlight crashes from causing browser-wide instability.

Firefox 3.6.4 incorporates out-of-process plug-in protections that prevent plug-in crashes from taking down the entire browser.

Firefox 3.6.4 incorporates out-of-process plug-in protections that prevent plug-in crashes from taking down the entire browser.

(Credit: Mozilla)

While Mac users do get the security fixes made in their version of Firefox 3.6.4, they won't get OOPP support. In an FAQ, Mozilla said that getting OOPP to work on the Mac version of Firefox "requires major changes" to the browser, and that users should expect it in the major Firefox 4 update due late this year.

OOPP has been part of Google Chrome for some time but in a slightly different form. Mozilla's version, which the publisher touts as allowing users to experience "uninterrupted browsing," is slightly different in that it relates only to specific plug-ins. Plug-ins are not the same as extensions and add-ons, although some people colloquially use the terms interchangeably. A plug-in is a special kind of add-on that helps the browser perform specific functions such as media playback or viewing images that would otherwise be unviewable.

So in Firefox 3.6.4, when a plug-in crashes, only the plug-in component of the page becomes unusable. This is the same as Chrome, but Chrome differs in that its tabs are "sandboxed" so that if the renderer crashes one Web site, the rest of the browser will not crash. Non-OOPP crashes in Firefox will still take down the whole browser, but Mozilla expects people to see a dramatic reduction in the incidence of browser crashes because of the OOPP innovation.

OOPP also will automatically let Firefox 3.6.4 users know when plug-ins need to be updated. If you're not sure of a plug-in's status, Mozilla has created a Web site that will automatically scan your plug-ins, let you know which ones need to be updated, and provide download links for them.

For a while, it seemed like Firefox 3.6.4 might launch without the OOPP feature. A potential security risk kept the browser from hitting its original street date of early June. Other repairs made in this version include four critical security bug fixes and several minor ones, related to buffer overflow, integer overflow, reused free objects in plug-ins, and memory corruption.

Correction: Erroneous information about how Chrome manages plug-ins has been removed from the original version of this story.

CNET Top 5
Companies Apple could buy with their billions
Apple's sitting on a massive pile of cash. Here are five interesting ways they could spend it.
Play Video
 

Member Comments