Mozilla Firefox version 54 now supports multi-threaded processing and fixes 32 vulnerabilities to strengthen security

Mozilla fixed 32 vulnerabilities, including a critical bug that could have resulted in a crash, with the release Tuesday of Firefox 54, the latest version of its flagship browser. The critical bug, a use-after-free vulnerability, was dug up by longtime bug hunter Nils. The vulnerability (CVE-2017-5472) existed in the browser’s frameloader. Nils encountered the vulnerability during tree reconstruction while regenerating CSS layout. The researcher discovered that while attempting to access a node in the tree that didn’t exist, he could trigger a potentially exploitable crash.

The update also resolved a dozen vulnerabilities considered high impact by Mozilla, including three additional use-after-free bugs; one during video control operations, one in content viewer, and one during docshell reloading. While all of the vulnerabilities also could’ve resulted in a crash of the browser, Mozilla deemed them less serious than CVE-2017-5472.

In addition to the bug fixes, Mozilla is boasting that Firefox 54 is the first to run multiple operating system processes for web page content, something that it claims speeds up performance. Multi-process support, a project Mozilla dubbed Electrolysis, has been in development for years. The technology basically converts one web page process to four.