RealTime IT News

Firefox Breaks Web Canvas

Firefox security UPDATED: Millions of people rely on the Mozilla Firefox Web browser, but now some of them might not be able to access the content they want, thanks to the latest update.

A bug affecting the way the browser handles the Canvas HTML element was introduced in this week's 2.0.0.10 release. Canvas is an advanced HTML element natively included in Firefox that is used for on-the-fly rendering of bitmap images.

The flaw, called "canvas.drawImage is not working," was first reported within hours of the 2.0.0.10 release on Nov. 26. An initial fix was checked into Mozilla's development system a day later and has been undergoing testing ever since.

According to Mike Schroepfer, Mozilla's vice president of engineering, the bug affects a specific use case of the Canvas tag, which is not yet in wide use. "We used our standard process of releasing a beta to tens of thousands of users and had no reports of this issue prior to the full release of 2.0.0.10. Most importantly, once we became aware of the issue, we worked overtime to address it."

Users have been detailing their problems with the update through Bugzilla, Mozilla's bug-tracking system, as well as asking how soon a fix will be available.

"We are using drawImage alot in our web shop and now in Firefox 2.0.0.10 everything is broken," Bugzilla commenter Klaus Reimer wrote. "Customers are complaining because their Firefox automatically updated to 2.0.0.10 and now they can no longer order photo prints in our shop. I think this is a very serious problem and I hope it will be fixed immediately in a 2.0.0.11 update." Mozilla developer Nick Thomas said the 2.0.0.11 release is tentatively scheduled for today, adding that if it plays out that way, it will be the fastest turnaround between Firefox releases to date.

The pace of Mozilla updates has hardly been slow lately. The 2.0.0.10 release followed the Firefox 2.0.0.9 update by less than a month. The 2.0.0.9 update was only two weeks behind Firefox 2.0.0.8.

The broken Canvas tag bug has also raised the issue of how effectively Mozilla tests its releases before making them generally available.

"I am really surprised the canvas part was not even tested before releasing 2.0.0.10," Bugzilla commenter Chris Lui wrote. "I still support Firefox, although I consider this incident really dampen it a lot."

Another commenter noted that he has supported Firefox and tried to make full use of its features in development. The Canvas bug issue, according to "Jonathan" has put egg on his face.

"For a couple days we have had an unbearable number of support calls," Jonathan wrote. "I would hope this reinforces the need for someone to put in some serious effort on developing a solid and extensive suite of regression tests. This should have NEVER gotten into a public release."

In its defense, Mozilla developers in the same Bugzilla thread noted that they make nightly builds available to all who want to test. Mozilla also produces release candidates ahead of generally available security updates, so those who don't have the time to test nightly can test as needed against the candidates.

Thomas said the release candidates are publicly announced on the mozilla.announce-prerelease newsgroup on news.mozilla.org.

The 2.0.0.11 release candidate update is available now for those who want to make sure it works with their sites.