Mozilla drops support for binary components in extensions

Martin Brinkmann
May 6, 2015
Firefox
|
28

In what appears to be a rather rushed decision, Mozilla disabled supported for binary XPCOM components in extensions in the Gecko engine when Firefox 40 is released.

While it is being introduced with the release of Firefox 40 Stable, it will affect all Gecko-based programs including Mozilla Thunderbird.

Mozilla justified the change in a blog post yesterday stating that binary XPCOM components are unstable and are a cause for instability especially in Firefox.

The organization notes that most add-on developers have moved away already from using these binary components and that it has added support for native binaries to the addon SDK directly instead.

The number of extensions affected by the change is unclear at this point in time. The calendar add-on Lightning is probably the most popular extension that still relies on binary XPCOM components.

The change comes at a rather inappropriate time for Lightning as the Thunderbird team plans to ship it with version 38 of the email client.

The owner of Lightning chimed in and revealed that a switch from binary components to JavaScript would impact performance big time stating that code execution for some routines would jump from a few hundred milliseconds to six seconds.

The only other quick fix available would be to integrate the binary component directly into Thunderbird, as clients retain access to it while extensions don't. But this would result in issues for other compatible applications such as SeaMonkey as this would have to be done in those programs as well.

One favorable solution right now would be to add a configure-level flag instead of shutting down access altogether right away. This would give extension developers more time to address the issue and rewrite code to ensure compatibility with version 40 and beyond of Firefox and Thunderbird.

It is unclear how Firefox forks or spin-offs like Pale Moon will handle the change.

So what is the worst case scenario?

Extensions that rely on binary components will stop working when Firefox 40 and Thunderbird 40 are released. The only exception right now are B2G released.

If Mozilla implements a flag for Thunderbird to bypass the restriction for the time being, then it should give extension developers more time to find a suitable solution without breaking extensions when Thunderbird 40 hits.

Firefox 40 will be released in August 2015.

Now You: Are you impacted by the change?

Summary
Mozilla drops support for binary components in extensions
Article Name
Mozilla drops support for binary components in extensions
Description
Mozilla announced that it will drop support for binary components in extensions in Firefox 40 and all other Gecko-based programs with the exception of B2G.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. jm said on May 10, 2015 at 6:54 am
    Reply

    One reason for me to stop using FF was that it got a lot slower with Australis
    and -classic theme restorer- than classic FF, specially on an older PC’s.
    Palemoon x64 was slow to so I tried PM x32 and found it quicker on that same PC.
    I also found the -Atom- version of Palemoon to be the fastest on my Atom330.

  2. CHEF-KOCH said on May 7, 2015 at 2:10 am
    Reply

    I don’t know why you or people here always mention Pale Moon it’s just a clone that claims to be more secure – in fact less people working on that so I think it’s not possible that it’s more secure compared to huge project like the real Firefox. I know they saying it’s not Firefox anymore but looking at there changes just reveals the opposite except some changes here and there in the name of security, so I wouldn’t let me blind on that promised that it’s more secure. But people always believing in myths like that. If they really care why not open an bug report on the official browser, never got that – now we have million cloned forks that promising great futures but I think that’s the wrong way.

    About that binary thing, well I’m not happy with it but in the name of security that may can solve some problems. Imho I think it would be good if they would allow such binary thing for trusted people/organizations to not break stuff or just update there scanners to add a blacklist which may compromise the security – because I bet there are not many binaries that really harm or bypass all security mechanism that easy.

    1. michal said on May 7, 2015 at 4:13 pm
      Reply

      Well, I guess people say that Palemoon is more due to lack of knowledge. It’s basicly the same as FF, but with some changes that MAY increase security. Please have a look at technical details here:
      https://www.palemoon.org/technical.shtml

      Some other misunderstanding regarding PM are explained in link above and this one:
      https://forum.palemoon.org/viewtopic.php?f=4&t=7818

      So, what do you think then about PM? Yes, it’s a fork. But a special one;).

      Regards,
      M.

    2. Corky said on May 7, 2015 at 10:44 am
      Reply

      Going on what Martin said in this article though it’s not being done for security reasons, it’s being done for stability.

  3. CJ Earner said on May 6, 2015 at 9:59 pm
    Reply

    There are only two reasons I use Thunderbird and one of them is the Lightning extension. Although I mostly use it as a front-end to Google Calendar, the reminder pop-ups are especially important to me.

    The other reason is that I archive my Gmail to a local IMAP server and Thunderbird works very well for that purpose and as a front-end to search my archive.

    I’m testing Vivaldi and the Sunrise app currently. If Vivaldi adds multiple IMAP mail capability I’m probably going to kick Mozilla products to the curb.

    I dislike the user interface in SeaMonkey. It’s too cluttered for my taste.

  4. Boris said on May 6, 2015 at 9:21 pm
    Reply

    The only extension I use that has binaries is LastPass. LastPass guys are fast to adapt. So, this is only of Mozilla announcements I am not worried about.

    1. DonGateley said on May 6, 2015 at 10:04 pm
      Reply

      Boris, how did you determine that?

      (Martin, please stop sending me email that I must click through in order to enable the notifications that I ask for.)

      1. Boris said on May 7, 2015 at 7:06 pm
        Reply

        I used to clean extension folders every month from unnecessary translations/readme files and of cause I looked in all other sub-folders. Only extension that had binaries in extension folders is LastPass. Interestingly, Lastpass major functions will work with binaries deleted(I tried). Binaries are not necessary for editing fields/filling fields/saving fields/menus functionality.

      2. DonGateley said on May 7, 2015 at 7:39 am
        Reply

        (Martin, ignore that request. Wrong blog. Sorry.)

  5. Gonzo said on May 6, 2015 at 9:07 pm
    Reply

    I’ve spent the last two weeks looking for a new web browser and here are my thoughts;
    Pale Moon:
    I’ve been using it as my primary browser since 2013. Prior to that I used Firefox. The recent HTTPS-Everywhere update being incompatible was what prompted my search for a new browser. Unfortunately, the list of incompatible extensions from Mozilla’s catalogue is only going to increase. It’s now my secondary browser.
    Opera:
    It’s just another Chrome respin, so I didn’t bother.
    Google Chrome:
    Google is the king of creepy but because of it’s popularity, I decided to give it a go. I was impressed with the ADM templates Google provides, really impressed! However, reports of Google taking more than 3 days to deliver Flash updates via Chrome Components, combined with the inability to disable WebRTC and the general lack of configuration options made me decide to give Firefox another try.
    Firefox:
    Australis is a complete mess! I tried a bunch of userChrome.css hacks before giving up and installing Classic Theme Restorer. Good thing I have OCD (sarcasm), I spent a loooong time going through about:config and comparing prefs.js to that of Pale Moon. I can finally say, I’m in love again with Firefox! x86 Firefox 37.x starts faster than x64 Pale Moon 25.3.x (on Haswell hardware) and feels more responsive. HTML5 is better supported by sites and all my addons work. The only thing I miss from Pale Moon is the about:logopage and knowing that sane defaults will be selected. So, I’m considering a move to the ESR branch when FF 38 is released. Looking at CVE’s, bug reports, and announcements like these, it seems to me the better option. Especially since I ended up disabling most of the “new features”.
    Conclusion:
    Despite Australis, Telemetry and some really questionable default settings, Firefox still has more potential than any of it’s competitors. However, the amount of effort it takes to make it great is absurd (I have almost 2 pages of notes!). If I was looking for something that “just works” and Google’s creepiness didn’t bother me, I’d choose Chrome everyday. With the ADM template you can lock down the extensions, addressing the very real issue surrounding the security of Chrome’s Extensions.

    1. michal said on May 7, 2015 at 9:41 am
      Reply

      Hi,

      just to let you know, there is a fork of https everywhere for palemoon
      https://addons.palemoon.org/extensions/privacy-and-security/encrypted-web/

      To all: did you notice that K-meleon is back to life again?

    2. Sergei said on May 6, 2015 at 9:56 pm
      Reply

      FYI it is now possible to disable WebRTC in Chrome 42+. It involves editing a text file but it works. Hopefully they will add a graphical way to disable it in the future.

      https://code.google.com/p/chromium/issues/detail?id=333752#c67

      1. Gonzo said on May 7, 2015 at 12:04 am
        Reply

        No, that disables the local IP lookup “feature” of WebRTC used to expose VPN users true identity. It DOES NOT disable WebRTC.

    3. MartinPC said on May 6, 2015 at 9:36 pm
      Reply

      Thanks for this useful (and easily digested) comment. I’d love to see your two pages of notes, as I’m still on Pale Moon x64 but am concerned that that Mozilla will continue to make changes to Firefox extensions that break too many of them in Pale Moon. I’ve done my best (including installing Classic Theme Restorer) to keep Firefox tolerable as a backup browser, but I’m sure there are a bunch of things I’ve overlooked.

      As for Chrome, I get the distinct impression that it makes it impossible for users to escape Google’s tracking and data-mining. And on my 4GB, Core 2, Win7x64 system, with just three extensions and two open tabs it was easily the worst-performing program I’ve ever suffered through. (I quickly learned never to check for Chrome updates within the program, unless I was going out for a mani-pedi or something…) I just bit the bullet and will be upgrading to 8GB RAM within a few days — my Pale Moon usage occasionally pushes me over the edge into endless disk-swapping hell — but even so I don’t think I will be re-installing Google Chrome. Being tracked and data-mined by Comcast and NSA is quite enough for me, thank you. :-(

      Thanks again for your comment.

      1. Dan82 said on May 7, 2015 at 9:44 am
        Reply

        Fair enough, MartinPC. I haven’t been using any of these Chromium forks either, Iron was just the first one that came to mind. Many of them have been discontinued, among them WhiteHat Security’s attempt called Avalon. At least that one has the source code of its last version (37, I believe) available at GitHub.

      2. MartinPC said on May 7, 2015 at 1:06 am
        Reply

        @Dan82:

        I don’t trust SRWare Iron any more than I trust Google Chrome or Comcast or the NSA:

        SRWare Iron – Wikipedia, the free encyclopedia
        https://en.wikipedia.org/wiki/SRWare_Iron

        * * * SRWare Iron “is entirely closed source and has been since at least version 6”. According to lifehacker, Iron is “supposedly open source but haven’t released their source for years and the browser doesn’t really offer much you can’t get by tightening down Chrome’s own privacy features on your own. * * * *

        Unverifiable promises of respect for privacy haven’t been terribly reliable up to now, and they have been very weakly enforced (if at all) by the US government. That’s not to say that a different, open-source Chromium-based browser might not be potentially interesting once I’ve boosted my RAM to 8GB.

      3. Dan82 said on May 6, 2015 at 10:50 pm
        Reply

        “As for Chrome, I get the distinct impression that it makes it impossible for users to escape Google’s tracking and data-mining.”

        Why don’t you use Chromium, then, or any of the other Chromium forks which disable identification/tracking features by default (ie. SRWare Iron)?

        By the way, before you think Opera could be a better alternative to Google’s Chrome browser, I’d advise against it. The Norwegian company has been using a number of concerning privacy-related features in their browser which cannot be deactivated, at least not without manually editing configuration files. Why this hasn’t been discussed in a more public setting, I don’t understand. If you want to research, look for traffic to sitecheck2 dot opera dot com (fraud protection, can’t be disabled) or what happens with the default search engines (can’t be changed either).

  6. MartinPC said on May 6, 2015 at 8:05 pm
    Reply

    It would be nice if Mozilla would provide a list of the Firefox extensions hosted on addons.mozilla.org that contain binary XPCOM components. I’m not a coder, but I’m guessing that it should be possible to generate one programmatically. I suppose Firefox and Thunderbird users will find out which of their extensions still do come August. Most ordinary users like me aren’t going to bother installing a beta to find out earlier.

    1. Martin Brinkmann said on May 6, 2015 at 8:28 pm
      Reply

      I agree this would be handy not only for users but also developers if Mozilla did not already inform them about the change.

  7. Trebuchette said on May 6, 2015 at 7:47 pm
    Reply

    Damn I need some more browser alternatives. I’m on FF28 right now. (Pale Moon was great until *its* change.) All my extensions still work, though I back up before updating anything.

  8. midea said on May 6, 2015 at 5:37 pm
    Reply
    1. Dan82 said on May 6, 2015 at 10:27 pm
      Reply

      I’m having the same issue. It seems you’re experiencing the following bug. If the most recent comments are to be believed, it might be fixed with Firefox 40, which is set to be released in about three months on August 11th.

      https://bugzilla.mozilla.org/show_bug.cgi?id=1067470

  9. Corky said on May 6, 2015 at 5:30 pm
    Reply

    It seems like Mozilla are purposefully developing themselves (Firefox) into obsolescence what with GUI changes, forcing addons signing, depreciating HTTP, the list goes on.

    People could be forgiven for thinking Mozilla wants out of software development but can’t bring its self to say so, maybe they think once their market share drops low enough they can justify shutting up shop.

  10. GunGunGun said on May 6, 2015 at 5:14 pm
    Reply

    Firefox day by day becomes worse and worse, Did you switch to Palemoon already, Martin ?

    1. Martin Brinkmann said on May 6, 2015 at 6:51 pm
      Reply

      No I did not. I do keep an eye on its development though.

      1. MartinPC said on May 8, 2015 at 12:56 am
        Reply

        @George:

        Any particular reasons you think Pale Moon is worse than other Firefox forks? I don’t really have a dog in this fight; I’m just curious to hear why, e.g., Cyberfox might be better.

      2. George said on May 7, 2015 at 8:11 pm
        Reply

        You don’t say. It only gets a mention in every Firefox article. It’s easily the worst popular fork of Firefox that I’ve found.

  11. anon said on May 6, 2015 at 5:07 pm
    Reply

    >binary components
    Jesus Christ. Good riddance!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.