Firefox 79: A thin release for regular users, but plenty for developers to devour

Reverse tabnapping is no more


Mozilla's Firefox 79 is here, but general users shouldn't get too excited – almost all the new features are aimed at developers.

The snag with a four-week release cycle is that coming up with notable new features at such a rapid pace is a challenge, and perhaps not even desirable, since stability and familiarity are also welcome attributes.

The release notes for Firefox 79 are short: more users are getting WebRender, which uses the GPU to accelerate and smooth page rendering. Specifically, Windows 10 users with AMD GPUs will now get WebRender even when running on battery. Mac and Linux users are still waiting, unless they care to use a pre-release build. There are still "bugs that block shipping" WebRender on Mac.

There is also a security fix. Many web pages use target="_blank" on links so the reader stays on the original page while a clicked link opens in another tab or window. An issue with this approach is that the linked page gets access to the source page via the window.opener property, exposing the user to reverse tabnapping. The fix is to add rel=noopener to the link, which sets the window.opener property to null. Firefox 79 will now do this automatically. In the case where this link is required for legitimate reasons, it can be explicitly enabled.

How reverse tabnapping works (pic: OWASP)

How reverse tabnapping works (pic: OWASP)

Aside from not being hacked, users may also notice a performance improvement thanks to the return of shared memory, allowing fast communication between threads. This was disabled in 2018 because of Spectre and other processor bugs that make this dangerous. It can now be re-enabled but only for web pages with special headers set that are in the same tab, including any popups.

Not the biggest release, but good work, especially for those who would otherwise be tabnapped.

Developers will find more to play with. Promise.any() lets you write code that fires multiple promises and fulfils the first one that resolves. It is described as experimental. It looks similar to the existing Promise.race, but the difference is that with Promise.race, if the first promise to return is a rejection, the promise rejects, even if one of the other promises resolves. Promise.any looks more useful.

Lovers of exotic operators will enjoy this one too. Firefox 79 implements the logical assignment proposal including ??=, which assigns only if the left-hand side is null or undefined ("nullish").

There is more: weak references (referring to a target object without preventing it from being removed from memory by garbage collection), though the notes say "avoid if possible"; new WebAssembly operations including WebAssembly threads if shared memory is enabled; and a tab.warmup() function to improve performance where the user is about to open a new tab.

The debugging tools are also enhanced, with async stack traces, allowing easier debugging of promises and other asynchronous code, and the appearance of network request errors in the debugging console – previously these only appeared in the Network panel in the debugging tools. The debugger is improved with errors highlighted in the source code complete with explanation, and the ability to Restart Frame – which means returning to the top of the current frame in the call stack. "Time travelling within the current call stack," stated the notes, except that variables are not reset to their original values. ®

Similar topics


Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022