The update also includes patches for 17 security vulnerabilities, seven of them marked “critical.”
Mozilla highlighted several of the changes in Firefox 22, notably the default support for WebRTC (Web Real-Time Communications), an open-source API (application programming interface) that web applications can call for in-browser audio and video communications without requiring specialized plug-ins like Adobe’s Flash.
WebRTC traces its roots to Google, which acquired the VP8 video codec in 2010 from a company called On2, open-sourced the technology, and pushed for its adoption as a standard by the Worldwide Web Consortium (W3C). Mozilla engineers have been also working on the project to implement WebRTC in Firefox.
Google’s Chrome supports WebRTC, and Opera Software developers are also involved in the initiative. In February, Google and Mozilla announced that their browsers were interoperable, letting users of Chrome and Firefox communicate with each other.
Mobile phone strategy
Mozilla has also made WebRTC a foundation of its mobile phone strategy, which relies on Firefox OS, a lightweight browser-based operating system that will power low-cost phones from several carrier and handset partners. The latter includes FoxConn, the world’s largest contract electronics manufacturer best known as an assembler of Apple’s iPhones and iPads.
“Native code” refers to programs designed for a specific processor’s or processor family’s instruction set. Windows 8, for example, is native code for the Intel x86 and x64 instruction sets.
Mozilla’s OdinMonkey is an answer of sorts to Google’s Native Client, a technology that lets developers turn applications written in C and C++—software originally intended to run in, say, Windows—into ones that execute entirely within desktop Chrome and Chrome OS.
Like Mozilla, Google claims that Native Client code runs almost as fast inside the browser as the original did outside.
Firefox for Android was also updated Tuesday to improve WebGL rendering—a similar enhancement landed in Firefox 22 on the desktop—and to guarantee that smaller-sized tablets displayed the browser’s full interface.
Along with the usual slate of new features and improvements, Firefox 22 also patched 17 vulnerabilities, seven rated critical, Mozilla’s highest threat ranking. Six others were labeled “high,” three were marked “moderate” and one was tagged as “low.”
One of the critical bugs was reported by Nils, the second consecutive Firefox update contribution by the German researcher. Nils, a noted vulnerability researcher, was on a two-man team that won $100,000 in March for hacking Chrome at the Pwn2Own contest.
Also patched was yet another vulnerability in the Mozilla Maintenance Service on Windows, which powers the browser’s silent updates. Mozilla patched different bugs in the same service in both April (Firefox 20) and May (Firefox 21).
Security researcher Abhishek Arya, a Google engineer better known as “Inferno,” was credited with reporting three memory corruption flaws. Inferno and others on Google’s security team have reported scores of vulnerabilities to Mozilla based on their “fuzzer” stress testing.
Windows, Mac, and Linux editions of Firefox 22 can be downloaded manually from Mozilla’s site, while already installed copies will upgrade automatically. Users of Firefox for Android can retrieve the update from the Google Play store.
The next version of Firefox is set to ship August 6.
This story, "Firefox 22 browser update supplies web-calling capability" was originally published by Computerworld.