user-after-free()? How does that work?
Perhaps you meant use-after-free?
Do you love Firefox, Linux, and the internet? Are you interested in earning money from the comfort of your own home? Are you OK with a special flavor of Firefox quietly gobbling up memory in a hunt for exploitable security bugs? If so, Mozilla has a deal for you. The open internet organization (and search licensing revenue …
There's a reason for the high memory requirements. Basically the only way you can catch write-after-free bugs is by doing the following:
Place every allocated memory block in its own virtual memory page. (Larger blocks require multiple pages, obviously.) This will instantly balloon your application's physical memory requirements because even a one byte memory block will now require at least one system memory page (usually at least 4096 bytes).
You can also include a guard page (protected, allocated virtual address space, but not committed to physical memory) before to catch buffer underflow errors, or you can place your memory block at the end of the page(s) and put a guard page afterwards to catch buffer overflows.
When you free that memory, you merely decommit (from physical memory) the pages, and change their access rights. Any writes to those addresses will now generate an access violation which you can catch and report. (Or your debugger, if attached, will catch for you.) This will balloon your application's virtual memory requirements, because once a page of virtual addresses has been used, it can never be reused.
As an aside, early versions (maybe all versions) of Windows 7 seemed to have a hard limit of 128GB of virtual user address space per application. Windows 10 (and probably 8) don't have such a low limitation. (I don't know what the new limit is, but I've never hit it when running my memory manager in protected mode.)
So it's Waterfox, Basilisk, Pale Moon, Seamonkey or something else entirely
I've switched to Pale Moon on most of my machines. It's been usable.
Had to disable the extension compatibility check so it would stop complaining about NoScript - likely the stupidest decision ever made by the PM team, and up there in the list of stupid decisions by any browser dev team ever. And then they abused users who complained, and issued dire warnings about disabling the compatibility check.
I don't have great confidence in its long-term viability; the devs seem to be going down the Mozilla route of "fuck you, we know best".
I may yet take a look at Waterfox or one of the other alternatives.
Fix those workflow addons yourself.
It's not Mozilla's fault the authors haven't updated them and if you're not paying the authors to update them they don't owe you anything either.
You sound like one of those people who thinks all software should be free and developers should have to live off of air alone.
Methinks a fair few Reg commentards are among those who take offence at a product that phones home. Will you now be inviting Firefox to do so? And supplying it with more personal data (the address for any bounties) than any normal 'phone-home product would dream of?
(Yes, I know, there's shades of phoning home, and this passes one important test of being opt-in. At least for one browser user).
Biting the hand that feeds IT © 1998–2020