Criticisms of Mozilla Firefox

Alongside its widespread use and popularity, criticisms of Mozilla Firefox have arisen. Some of these allegations about Mozilla Firefox address:

• security, secure distribution, and a consolidated authoritative review for numerous new extensions
• a perceived lack of some built-in ("out-of-the-box") features
• refusal to implement non-standard web technologies
• functioning differently from other browsers, and failing to render properly pages not written with Firefox (or W3C standards) in mind

Firefox's robust extension capability has prompted a boom in the development of new add-on software. Such extensions can address concerns requiring added functionality, as the designers of Firefox intended (and largely achieved) a streamlined interface and a small footprint. Installing an extension can address many if not most issues, but security concerns may ensue. The Mozilla Foundation separated the Firefox project from the larger Mozilla Application Suite mainly to counter Mozilla's software bloat while providing a platform whereby all users could customize their browsers based on an open platform for any number of new extensions.

The Firefox developers have not implemented some frequently-requested features. For example, they have repeatedly turned down frequent requests for the ability to resize the search bar through the user interface. The writing of extensions has addressed some requests; for example, an extension now exists to add a resize thumb to the search bar.

Firefox uses the Gecko (layout engine) rendering engine made by Mozilla. People holding anti-communist views have sometimes criticised Mozilla in that they find some of Mozilla's imagery resembles that of communism. The Mozilla Party website and the Mozilla Banner pages use the original red star and slogans which some consider communist or socialist. Mozilla does use (as a prominent motto) the phrase " Work and there will be flour, sit cross armed and there will be no flour". However, most of this imagery had associations with the Mozilla Application Suite rather than with Firefox, which uses logos, icons, and images that have no such associations.

Some people, most often advocates of proprietary software, label the open-source software movement in general as "communist".

When running under Windows, Firefox can take longer to launch than Internet Explorer. Internet Explorer's close ties to the Windows operating system gives it the advantage of starting quickly once the program is launched - Internet Explorer's code is loaded into memory on startup. Installing a large number of extensions also lengthens start time.

Many websites exhibit problems caused by careless development which causes the site to fail to comply with web standards; sometimes implementors test such sites only with Internet Explorer and they fail in other browsers such as Firefox. Users often blame the browser instead of the site developer when this happens. Common problems of this sort include:

• misconfigured servers sending incorrect MIME types (so that, for instance, HTML documents presented as plain-text, render as plain text in accordance with the standards)
• invalid syntax in HTML, CSS, and JavaScript
• use of a nonstandard document object model (DOM) for scripting.

While Firefox supports quite a bit of "bad code", it exhibits less tolerance in this respect than Internet Explorer. To fully emulate Internet Explorer's behavior would require breaking some standards.

In some cases, sites actually refuse to operate correctly in Firefox due to user-agent sniffing to reject "incompatible" browsers based on how they identify themselves to the server. An extension to Firefox lets the user modify the user-agent string, which sometimes lets users access these sites if no other compatibility problems exist. Some consider the use of such an extension undesirable because it skews tracking of Firefox in browser usage statistics, thus making it less likely that webmasters will consider Firefox in their future development.

While not officially supported, a plugin can add ActiveX support for Firefox running under Microsoft Windows. In part due to the unofficial status of the plugin, however, it does not always stay up-to-date with the current version of Firefox.

Users have discovered numerous security holes in ActiveX in the past. In addition, relatively few public websites require ActiveX; with the Windows Update site the most well-known exception. ActiveX remains non-portable to a wide variety of browser platforms in any case: non-x86 systems and systems based on Mac, Linux, or BSD typically cannot run ActiveX controls anyway. ActiveX does however feature quite commonly in corporate intranets and for web applications, which may hinder the adoption of Firefox on the corporate desktop.

Peter Torr, a program-manager at Microsoft (which develops Firefox's primary competitor), wrote an essay "How can I trust Firefox?" on December 20, 2004. It began a firestorm of discussion on his own blogging forum (including postings from notables like Peter da Silva [1]); a discussion on Slashdot; and a follow-up summary from Torr.

Torr pointed out that university (or even high school) campuses often hosted the many mirrors for Firefox downloads, and offered no guarantee against potential tampering with the installation files. He also noted several flaws in Firefox's user interface.

Torr also claimed in the original essay that Firefox users possess no obvious way to disable plugins (such as Flash). However, it is possible do so on the Download panel of Firefox's options window.

The other points illustrated differences in security approach include:

• Torr expressed concern that Firefox does not make wide use of digital signatures - since digital signatures form the basis of Internet Explorer's approach to security. Peter da Silva and others countered that Internet Explorer's extreme dependence on digital signatures constitutes a flaw - anyone can sign code simply by paying money. They cited Gator to demonstrate that many spyware programs use digital signatures. [2] [3] Digital signatures do not, by design, designate code as benign or as vulnerability-free; rather they prove the origin of the software. However, as with all cryptographic keys, this requires proper control of the certificates. In 2001 VeriSign issued two "Microsoft" digital certificates to people who fraudulently represented Microsoft. Malicious attackers could have used these certificates to forge material signed by Microsoft [4].

Also, people can create companies and get certificates with arbitrary, misleading names, causing users to give unwarranted trust to signed programs. Instead of depending on digital signatures (especially since users rarely check who signed something), Firefox uses hash values and DNS to demonstrate the traceability of the Firefox software itself to a trusted site.

However, the official stable version of Firefox available directly from Mozilla and on its mirrors is now digitally signed.

• Once installed, Firefox uses mobile code technologies that constantly limit code privileges while running, as opposed to Internet Explorer's ActiveX which receives uncontrolled access once it starts to run. Firefox proponents argue that Java and JavaScript within Firefox function much more securely than within Internet Explorer, because the browser constantly limits their privileges as they run.
• Internet Explorer's security depends on "security zones"; Firefox proponents note that many attacks successfully confuse Internet Explorer's security zone implementation, and claim that Firefox's security excels (in part) because it does not depend on security zones.

Opera makes many features available without the installation of extensions. Firefox has a different philosophy, offering only core features by default to avoid possible bloat. Some Opera users distrust extensions, citing that adding on extensions can slow the load up of Firefox and the danger of adding a third-party extension (possible problems).

Firefox lacks a cross-session browsing function for automatically restoring all windows and tabs at browser restart time. The Firefox extensions SessionSaver and Tabbrowser Extensions both provide this missing functionality [5].

Firefox lacks a built-in means to re-open closed tabs (short of hunting through the session history), while Opera offers a droplist for easy access. Firefox extensions make similar functionality available. SessionSaver offers not only a listing of closed tabs, but of closed windows as well; and some smaller extensions offer the basic tab-only list [6] [7].

Opera offers an interface which users find easier to customize: they can place toolbars, buttons and fields anywhere on the screen. Opera also allows user-defined menus, keyboard shortcuts and mouse gestures without the need to add extensions. Firefox, on the other hand, requires fully-coded extensions to adjust the interface. The official Mozilla Update website hosts most extensions, but all development comes from third parties.

While Firefox users can install their own search engines, they cannot easily customize the order, search URL, or engine title. They can achieve similar functionality by using bookmarks, which allow the customization of the query's URL, keyword and title. "Quick Searches" make changing the short keyword easy, allowing users to type "g {query}" to view Google results, for example. Opera has no native interface for adding search engines; Opera users must edit a text file (search.ini) or use third-party software [8]).

Opera fans also regard Firefox's Gecko rendering engine as inferior in some ways to Opera's Presto rendering engine, especially in the areas of navigating forward and back [9], smooth image resizing [10] and page zooming [11]. As reported on May 5, 2005, intensive work has begun for achieving "blazingly fast" forward/backward [12] navigation. Gecko-watchers expect the switching of the graphics infrastructure in Gecko to Cairo to bring improved 2D graphics capabilities to the browser. They expect this change to roll out in version 1.9 of the Mozilla base code, which Firefox 2.0 will utilize.

Many advanced configuration options available in the SeaMonkey Suite remain hidden in Firefox: users can only access them by hand-editing configuration files or through the about:config interface.

Firefox is also criticized for changing the keyboard shortcuts used in the old Mozilla Suite. CTRL-A marks all instead moving to the beginning of the line. CTRL-K doesn't delete to the end of the line anymore, but moves to the web search field. CTRL-W closes the browser window unconditionally, even when mouse and cursor are inside an editable field (Google search field, address bar, fields in forms inside the page, etc.).

Some SeaMonkey users are also disgruntled that the Mozilla Foundation discontinued active development on the Suite in order to pursue development on Firefox. The suite has been adopted by a a community of users and rebranded as SeaMonkey as a result. Some of their criticisms, such as the suite taking up less resources to run than a combination of both Thunderbird and Firefox, have been published on the [SeaMonkey] website.

Firefox also attracts criticisms from users of Safari, and to a lesser extent, from users of Camino. A key criticism involves Firefox's use of non-standard user interface widgets, though work has commenced for Firefox to emulate the way Safari and Camino handle such phenomena. [13]

One criticism of Firefox's user interface points out that Firefox tabs lack individual close-buttons, a feature found in both Safari and Camino. Firefox features a single one tab-closing button at the far right of the tab-bar, directly opposite the tabs in the window, which stack left-justified. Firefox aficionados justify this placement by the argument that users close fewer tabs accidentally when switching tabs, especially when they have many tabs open. Also, Firefox users can close tabs using the context menu and by middle-clicking the tab (although many Mac OS users would not have a second or third mouse button on their mice to take advantage of this capability). However, critics of Firefox claim that the arrangement seems too Windows-like, and by its nature, breaks Mac OS user interface guidelines (which dictate positioning the close button on the far left instead).

Firefox uses a non-native implementation of form controls. This means that Firefox does not offer Mac OS X features such as built-in "spell check as you type" and speech services.

Because Camino, another Mac browser from the Mozilla Foundation, uses standard Cocoa widgets instead of the cross-platform XUL widgets found in Firefox, fans of Camino think of Firefox derisively as "the best browser that just happens to run on a Mac" while claiming Camino as "the best Mac browser". However, Camino lacks the degree of extensibility of Firefox, and suffers from having a smaller pool of developers (thus updates to Camino tend to appear less frequently).

Internet suites like Mozilla and Opera offer the same features as Firefox (and many other features which Firefox lacks by default) in a unified package with less memory consumption. In order to get all such features, Firefox users must install literally dozens of extensions. Firefox proponents expect this convenience/performance/usability issue to die when the stand-alone applications move toward the direction of XULRunner, where multiple XUL-based applications share the same runtime environment.

Some criticisms have become obselete with later versions of Firefox resolving the issues raised.

The Firefox 1.0 release, in its attempt to implement Internet Explorer's behavior of requesting favicons, requests an icon file with every page view [14], despite the server's response that the file does not exist. In consequence, server administrators had either to accept the unnecessary traffic increases, to add a favicon.ico file under the root directory, or to refer to a favicon image file within pages. (This bug no longer afflicts current versions of Firefox.)

When Firefox cannot load a page (for example, when it cannot connect to the server), it displays an error dialog-box instead of an error page, as Internet Explorer does. Though Firefox users can change this behavior, the implementation constitutes a bug [15]. Deer Park and the latest nightlies use error pages instead of error dialogs.

When users hit the "back" or "forward" buttons Firefox sometimes loads pages slowly. This stems from coding in the Mozilla Suite, which Firefox adopted. The Firefox developers have started work on resolving this issue [16] and have made fixed versions available in nightly builds for developers and in alpha versions of the next public version (version 1.5).

• Tom, Espiner (2005). Mozilla hits back at browser security claim. Retrieved September 21, 2005.

• Mozilla Firefox

• Open Source Oopsies