Add-ons
Jorge Villalobos encouraged add-on authors to check for memory leaks on the official Mozilla add-ons blog.
The following add-ons had memory leaks fixed: FavSync, Download Youtube Videos, Page Speed.
The follow add-ons were downgraded to “preliminary review” status on AMO, giving them less visibility: QuickDrag, Yahoo Toolbar. The Yahoo Toolbar case is interesting; it is available on AMO, but only has 47,618 users there. But the number of installed copies is much larger than this. (I can’t say how much larger, because the exact numbers are not public knowledge.) So it’s clear that most people who have it installed got it elsewhere, probably directly from Yahoo. Given that AMO accounts for only a tiny fraction of the installations, the effect of the downgrade in AMO review status is negligible. Furthermore, Jorge’s attempts to contact Yahoo appear to have failed. Finally, the only other means we have for addressing add-ons with problems is block-listing them, but that would be overkill in this case. So we are at an impasse. It’s a frustrating situation!
Gecko and Firefox
Tim Taubert fixed two leaks in the recently updated new tabs page.
Jonathan Kew added memory reporters for thebes font objects. With text-heavy pages open, these can account for 10s of MBs of memory.
Andrew McCreight fixed some shutdown leaks involving the XBL cache.
Igor Bukanov did something with JS principals that I won’t pretend to understand. This bug wasn’t marked with the MemShrink tag, but it gave good Talos results, reducing the number of malloc calls and the maximum heap size on several platforms.
Bug counts
This week’s bug counts:
- P1: 26 (-2/+4)
- P2: 131 (-1/+3)
- P3: 88 (-5/+1)
- Unprioritized: 0 (-0/+1)
Nothing spectacular there.
32 replies on “MemShrink progress, week 41”
Thank you for your hard work!
Yahoo Messenger installs the Yahoo toolbar by default.
if Yahoo Messanger tries to install the yahoo toolbar, then it should be notified that the addon is blocked during the installation..Rather than the yahoo installer finished successfully..and the user is left frustated to see the yahoo toolbar is not there in FF and the toolbar is disabled in the addon manager.
What about some kind of gray-list for add-ons which misbehave but not so much that a black-listing would be appropriate?
Then the browser could pop up a warning when started and the user could get a chance to disable the add-on. At least this could put some pressure on the add-on developers 🙂
├────4.11 MB (03.10%) ── network-memory-cache
Still wastes memory. nsCacheService eviction sucks, about:cache?device=memory shows entries from pages closed hours ago, and it ignores “minimize memory use” event.
Seeing the same thing as Mike. I have cached pages I haven’t visited since yesterday. There was even one page I noticed still having a js compartment open in about:memory taking up 13MB of memory.
When looking at the about:cache?device=memory page, it seems like most pages have an invalid expiration date of zero (1970-01-01), don’t know if that is normal? Some other pages actually reports “No expiration time”, which seems wrong, why would some pages not expire?
Aurora 13a2 (2012-03-29) @ Windows 7
Could we block Yahoo Toolbar only for users who are experiencing memory use problems? (e.g. VM use over 1.5GB, or based on some telemetry probe)
Interesting idea, but I have no idea how to implement it reliably. I’d prefer it if the add-on just fixed the leak!
Great post but now I am having trouble with this Yahoo toolbar! It keeps on returning back even though I removed it from the Toolbar option!! Any ideas folks ?
Assuming you are on Windows, you might be able to go to the Window Control Panel and uninstall it from there.
Oh no, the Yahoo toolbar! I try to remoced it with the AnVir Task Manager without access. With other programs I had so much problems.
Any ideas for me?
I’ve noticed the Yahoo Toolbar bundled with several installers of various Windows programs. If the user just clicks ‘Next’ through all the screens without specifically unchecking the appropriate box… I imagine plenty of people have had it installed that way.
Yes, these are called “third party” installs. One particularly annoying thing about them is that you can’t uninstall them within Firefox, you can only disable them. To uninstall them you have to uninstall the separate program, e.g. in Windows you usually do it through the Control Panel. Because of this, the web is littered with “How do I uninstall add-on X in Firefox?” articles.
This is a question that’s come to me before.
Why do we have *any* mechanism in Firefox for an uninstallable plugin?
To this very day I still cannot believe that a browser purporting to be very security conscious allows this sort of add-on installation. It’s like Firefox is continuously bent over and picking up the soap and in a prison shower! It’s just asking for trouble.
Whilst there may now be a Firefox warning dialogue to inform users when this has happened and allow them the option to disable the nefarious install, why even allow this situation at all? Plugin publishers like Adobe should simply have to submit their plugins via AMO.
I realise there’s a strong and justified desire within Mozilla to avoid the crApple walled-garden factor. However as long as the policies of AMO are reasonable – which is where the crApple walled-garden usually fails – then the security benefits to end users of closing this enormous third-party install back door would surely be more important?
With every piece of ‘freeware’ nowadays pushing the Ask Toolbar or some other piece of unnecessary-at-best ware, to me if Firefox were to block 3rd party installs, it would be a huge user bonus feature akin to how Firefox was formerly the user’s friend by taking such measures as disabling popups and some annoying JavaScript methods.
Same thing for several toolbars which are bundled with other programs.
I just had the example with AVG toolbar which is bundled with PDFCreator. And in this case there was no clear way to avoid the toolbar installation…
Why is it that you cannot simply delete some addons within FF?
I mean it’s totaly stupid that addons can prevent showing the ‘delete’ button. What’s the reason for that?
If you put add-on files in certain locations, Firefox will automatically see them and treat the add-on as installed. The files have to be removed from outside Firefox for Firefox to stop seeing them. I personally don’t like this style of add-on, but they’ve been supported for a long time, esp. for things like anti-virus add-ons.
The situation did improve somewhat in Firefox 8 — Firefox now asks the user about new third-party add-ons before they are enabled. See https://blog.mozilla.org/addons/2011/08/11/strengthening-user-control-of-add-ons/ for details.
Proposal:
So if Firefox can’t uninstall / delete an Add-On / Extension / Plugin and ‘Disable’ still leaves artefacts around, how about a ‘Ignore this … in the future’ Button?
More or less a user controlled addition to the Mozilla provided blacklist.
Action from Firefox should then be to NOT load anything of the blacklisted Add-On / Extension / Plugin, no Info, no entry in about:addons, nada.
The about:support page should get a ‘reset user blacklist’ button to help from that side.
Whether it’s “been supported for a long time” is not the point, I don’t think. Mozilla doesn’t seem to be the sort of org that allows itself to be unnecessarily burdened by maintaining legacy practices. Therefore the simple question is, what’s best for users? I’d suggest that disallowing installs of third party add-ons is the best approach for end users and not a high obstacle for third-party add-on publishers themselves.
it’s not that they hide the button it’s just that they doesn’t install in your profile but globally, so you have to delete it manually in the firefox directory or in appdata
Ah nuts, QuickDrag rocks. Is it causing zombie compartments? What has the developer said?
Here is a QuickDrag alternative. I’ve no idea if it has any zombie compartment issues. Hopefully not!
https://addons.mozilla.org/en-US/firefox/addon/dragurlink/
The problem is that there’s really no way for Mozilla to stop it. Crapware vendors can write their extensions to the same locations that Firefox does when installing them. Likewise, if Firefox were to start blocking 3rd party extensions more aggressively than it currently does there’s no way to prevent CrapwareSoft’s installer from editing the file containing the list of extensions that were oked by the user to include theirs.
This was supposed to be in reply to pd’s long post above. I’m not sure why the threading broke unless it’s related to my failing the first captcha.
http://blog.mozilla.org/nnethercote/2012/03/28/memshrink-progress-week-41/comment-page-1/#comment-5767
If Mozilla can detect new third-party add-on installs, which it clearly can based on Firefox 8’s new warning system, then it can disable them by default surely? I just did an update last night to Aurora 13 and it disabled an apparently old Java version I had installed. If Mozilla chooses to adopt a policy of blocking like this all the time, then it can force plugin publishers into the AMO system couldn’t it?
Unless I’m misunderstanding something, they already are disabled by default because of the FF8 changes.
My point was that they’re only disabled by default as long as their developers go along with the prompt to enable feature. Short of iOSification there’s nothing that Mozilla can do to keep them from modifying the list of 3rd party addons that the user has approved to include theirs.
The point where various 3rd parties stop grumbling about FF making things harder/more annoying to their users or reducing install levels to the point it begins to cause problems for their business model and decide to ‘declare war’ on FF and start working to bypass the current controls is going to vary significantly by company. I assume based on the fact that none of the major vendors have done anything to bypass the FF8 rules means that someone did talk to them and make sure that the changes weren’t unacceptable.
Perhaps it’s time that Mozilla look into options other than making every config file a variation of plain text? Encrypt the list!
As for 3rd party companies whining, I’d rather they whine that users and so long as Mozilla has substantial market share, they will be forced to comply regardless. Naturally if they start battles against Fx that could reduce Fx’s market share then there’s a problem. However this would hardly be the first time Mozilla fought such a battle for the open web so why shy away from it?
As long as FF is open source it won’t help. All the addon writer would need to do is look at the source for addThirdPartyAddOnToUserApprovedList() and have their installer do the same thing.
FF is not iOS; what you want isn’t even possible in theory (and the steady stream of jailbreaks indicates that the theory is equally broken).
What about when Firefox checks for updates to add-ons. Are those possible to have unique identifiers on and use the data to create more accurate stats on the install base?
Maybe even get stats on enabled/disabled add-ons?!
Comment Notification
Would be great if you could add an option to get notified when new comments/replies have been made to a post I have commented on. I normally avoid commenting on sites not offering such a feature since I don’t want to waste my time having to constantly check back if there has been any respond to my comment.
We do have accurate numbers on the install base, but the numbers aren’t publically available.
I’d love to provide comment notification, but AFAIK this WordPress installation doesn’t allow it.
subscribe to the Comment RSS Feed, that what I do to see all comments.