Yesterday, the Mozilla Foundation offered web developers a pre-release version of the forthcoming Gecko 1.9.3 engine. It's this engine that will power a future rendition the popular Firefox web browser.
Gecko 1.9.2 runs Firefox 3.6, the current version of the browser that introduced Personas, the personalized themes that change the browser's appearance.
OOPP
Gecko 1.9.3 manages plug-ins differently than earlier versions of the web engine, so that on Windows and Linux machines Adobe Flash and Microsoft's Silverlight (Moonlight on Linux) run in separate processes than other browser functions. As a result, if Flash Player crashes, Firefox does not. Since plug-ins are one of the leading causes of browser failures, this new feature—called out-of-process plug-ins (OOPP)—could make the already stable Firefox even better.
There are some known bugs with OOPP support. But developers can test the feature by following the instructions offered in the Mozilla Wiki post for OOPP testing.
Improved Security
Ecommerce developers, who are frequently concerned with data security and PCI DSS compliance, will like Gecko 1.9.3's improved content security. Using what Mozilla calls its Content Security Policy, Gecko 1.9.3 restricts certain kinds of web scripting to prevent three specific types of attacks: cross-site scripting (XSS), clickjacking, and packet sniffing attacks.
XSS attacks inject client-side scripts into otherwise trustworthy web pages, which are then viewed by others. These attacks generally bypass browser security measures and give the hacker access to other users' session data, cookies, and even page content. For 1.9.3, administrators can specify which domains the browser should consider valid where scripts are concerned. By some estimates, XSS might account for 80 percent of all attacks on content security, so this is an important improvement.
Gecko 1.9.3 also allows sites to specify which domains can embed resources via a frame or iframe, and allows sites to restrict which domains can be sources of loaded content, thus foiling clickjacking and packet sniffing attacks
New Features for Web Developers
Generally, Gecko 1.9.3 improves support for advanced web development features, including:
- Support for the placeholder attribute for
<input/>and<textarea>. - Support for SMIL animation in SVG.
- Support for CSS transitions, except for the animation of transforms and gradients.
- Support for WebGL when the user selects it by changing a preference.
- Support for the getClientRects and getBoundingClientRect methods on range objects.
- Support for the setCapture and releaseCapture methods on DOM elements.
- Support for the HTML5 History.pushState() and History.replaceState() methods and the popstate event.
- Support for the -moz-image-rect() value for background image.
Download the Pre-release
You can download the pre-release version of Gecko 1.9.3 below.
Related Articles
- Mozilla Releases Firefox 3.6, Featuring Better HTML 5 Support, CSS Gradients, and Device Orientation
- Interview with Ian Hickson on the HTML 5 Specification
- Six Exceptional HTML 5 Videos
This article is filed under Platforms, Tools & Software and has the following keyword tags: Firefox, Mozilla, Gecko, web browser, XSS, OOPP.
1 Comment
tcraw1010 says:
I have to say, for all of the "improvements" that Mozilla indicates, there seem to be quite a number of problems/issues as well. For myself, I am upgraded with the most current version and came to find out that many of my "add on" toolbar icons are no longer there - and there doesn't seem to be any viable recourse to get them back (e.g. "speed dial").
In the grand scheme of things, it's not THAT huge of a deal ... but it's still annoying.
