Can Firefox not be protected with standard error handling procedures and abstraction to not crash a page or the whole browser when a plugin goes wrong?
Chrome has plugins and it rarely crashes with the plugins I typically use. Originally, I had to switch from Firefox because of unstable plugins (although I have come back on mobile, because at least they gave plugins).
How is Chrome able to encapsulate, but Firefox isn't? And why shouldn't that be blamed on the browser itself? Maybe I am confusing "extensions" and "plugins". If so, how are they different?
> Can Firefox not be protected with standard error handling procedures
Unfortunately, the way these third party injected DLL's work, they have full access to all memory within the firefox process. When they go wrong, they can corrupt or change anything, so it is pretty hard to protect against them.
> Chrome has plugins and it rarely crashes with the plugins I typically use.
Chrome doesn't allow 3rd party DLL's either. Chrome plugins run inside the javascript VM.
They made the change 5+ years ago, and it really helped stopping crashes.
Thank you for the clarification on the inner workings of both Firefox and Chrome! I hope Firefox moves to making blocked 3rd party dlls the default. Apparently the major chrome plugins have been able to work around it.
It's notable that most third party DLL's usually aren't made for chrome/firefox specifically. They inject into every program.
They're normally things like the a gaming mouse which has a DLL that injects into every windows process to make the mouse light change colour when you hover over a text field. Or a 'firewall' that injects into every process to try and find HTTPS encryption keys so it can scan HTTPS content in realtime. Or a 'password protected folders' feature that will pop up a dialog box if any program tries to read a file in a protected folder and ask for the unlock password.
And all 3 of those can easily crash in Firefox. The gaming mouse doesn't understand that firefox renderers live in a sandbox, so when it tries to send a message to the mouse to change the light color that breaches the sandbox causing a crash. The 'firewall' assumes the https encryption key will be in memory of the process making the TCP connection - but in a multi-process architecture that may not be the case - so crashes. The 'password protected folders' makes a dialog box, but hangs the calling thread until the user types the password. Because firefox is multi-process, they have a hang detector which thinks the process has locked up so kills it, and the user thinks it crashed.
All in all, these 'kinda plugins for windows, but not using any official API' are a bad idea when they interact with code they have never been tested to work with. Thats the real problem.
Chrome has plugins and it rarely crashes with the plugins I typically use. Originally, I had to switch from Firefox because of unstable plugins (although I have come back on mobile, because at least they gave plugins).
How is Chrome able to encapsulate, but Firefox isn't? And why shouldn't that be blamed on the browser itself? Maybe I am confusing "extensions" and "plugins". If so, how are they different?