Mozilla released Firefox 52 that provides the popular open-source with some new features as well as 29 different patches for security vulnerabilities. Released on March 7th, 2017, Mozilla introduces WebAssembly as Firefox 52's biggest feature.
As the first browser to have that feature as standard, it allows native code to run in a browser, providing the ability for more complex applications to run with greater levels of performance. This enables Firefox to make games and other resource-hogging apps to "run faster than ever before in a web browser," said Mozilla.
"We expect that WebAssembly will enable applications that have historically been too complex to run fast in browsers — like immersive 3D video games, computer-aided design, video and image editing, and scientific visualization," said VP of Firefox at Mozilla Nick Nguyen.
Mozilla expects developers to use WebAssembly to speed up many of their existing web apps.
Firefox 52 also provides an improved capability for Wi-Fi users to log into captive portals at mobile hotspots. With a captive portal, users first need to login or agree to the terms of use, for a given access point, before being granted access.
"These captive portals are often problematic because the login page itself is hard to discover if the operating system doesn’t detect it," wrote Nguyen. "With today's release, Firefox now automatically detects captive portals and notifies you about the need to log in."
In Firefox 52, the web browser officially disables all plugins that use the Netscape Plugin API (NPAPI), other than Adobe Flash. Mozilla has warned developers and users since October 2015, saying that it was going to remove support for NPAPI.
Firefox 52 also brings security in mind. The version provides a new security feature that aims to protect users against insecure cookies. The Strict Secure Cookies specification, for example, will prevent any unencrypted HTTP sites from being able to set secure cookies.
The idea for Strict Secure Cookies specification is to make sure that security is maintained throughout the web transport process.
"In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing 'secure' cookie from the same base domain," said Mozilla when announcing Firefox 52.
And for added security, Firefox 52 can alert users if they are about to enter username and password on a page that isn't encrypted with HTTPS.
Among the 29 different vulnerability patches on Firefox 52, 7 of them were rated as critical: 2 vulnerabilities fixed were CVE-2017-5398 and CVE-2017-5399, which were identified by Mozilla as being memory safety bugs. 3 vulnerabilities were the Use-After-Free memory issues (CVE-2017-5402, CVE-2017-5403 and CVE-2017-5404). The last 2 include an ASLR (Address Space Layout Randomization) bypass and a Memory Corruption issue when handling error results.