Firefox 54

Mozilla released yesterday version 54 of the Firefox browser, which has expanded the multi-process feature from two to five processes (one for the UI, four for browser content).

Mozilla launched multi-process support in August last year, with the release of Firefox 48, but the organization only split Firefox's process into two, one for the browser's UI, and one for handling web page content.

Back in 2016, and again in February 2017, Mozilla engineers promised to improve multi-process support in the coming releases.

Firefox 54 is an intermediary step to the goal of having a Firefox release with unlimited multiple processes, similar to how Chrome works. In Firefox 54, engineers increased the number of content processes to four. The image below shows how this works.

E10s support in Firefox 54

In addition to increasing the number of content processes, Mozilla also rolled out the feature to more users. When multi-process support launched last year, the feature was rolled out only to 1% of the Firefox userbase, only to those running barebones Firefox browsers, with no add-ons. The number of users who received multi-process support — also known as Electrolysis or e10s — has now expanded to Firefox users who use e10s-compatible add-ons. Users who still use older, non-e10s-compatible add-ons will have to wait.

Firefox power-users can adjust the number of content processes today and boost it to 10, 20, or whatever number they like. Just open a new tab and access the "about:config" page. Here, search for "dom.ipc.processCount" and adjust the default value to the one you'd like.

These new features have made an impact in Firefox's performance and allowed v54 to perform better in Mozilla's internal benchmark tests in terms of RAM usage.

Mozilla benchmark

Besides the improved multi-process support Mozilla rolled out yesterday, Firefox 54 also expanded the WebExtensions API, its new cross-browser add-ons API, modeled after the one used by Chrome, Vivaldi, Opera, Edge, and others.

The revamped API premiered last year in Firefox 48, and engineers said it will slowly roll out and replace the old Add-ons API by Firefox 57, set for release in November 57, when only add-ons built on the new WebExtensions API will work in Firefox.

Other changes:

Moved the mobile bookmarks folder to the main bookmarks menu for easier access.
Added Burmese (my) locale.
Simplified the download button and download status panel.
Developers-related changes are here.

Firefox security fixes:

CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
CVE-2017-5471: Memory safety bugs fixed in Firefox 54
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-7749: Use-after-free during docshell reloading
CVE-2017-7750: Use-after-free with track elements
CVE-2017-7751: Use-after-free with content viewer listeners
CVE-2017-7752: Use-after-free with IME input
CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
CVE-2017-7757: Use-after-free in IndexedDB
CVE-2017-7758: Out-of-bounds read in Opus encoder
CVE-2017-7759: Android intent URLs can cause navigation to local file system
CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
CVE-2017-7762: Addressbar spoofing in Reader mode
CVE-2017-7763: Mac fonts render some unicode characters as spaces
CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
CVE-2017-7765: Mark of the Web bypass when saving executable files
CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
CVE-2017-7778: Vulnerabilities in the Graphite 2 library