Slashdot Mirror
Mozilla Is Working On a Chrome-Like 'Site Isolation' Feature For Firefox (bleepingcomputer.com)
An anonymous reader writes: "The Mozilla Foundation, the organization behind the Firefox browser, is working on adding a new feature to its browser that is similar to the Site Isolation feature that Google rolled out to Chrome users this year," reports Bleeping Computer. "[Chrome's] Site Isolation works by opening a new browser process for any domain/site the user loads in a tab." The feature has been recently rolled out to 99% of the Chrome userbase. "But Chrome won't be the only browser with Site Isolation," adds Bleeping Computer. "Work on a similar feature also began at Mozilla headquarters back in April, in a plan dubbed Project Fission." Mozilla engineers say that before rolling out Project Fission (Site Isolation), they need to optimize Firefox's memory usage first. Work has now started on shaving off 7MB of RAM from each Firefox content process in order to bring down per-process RAM usage to around 10MB, a limit Mozilla deems sustainable for rolling out Site Isolation.
I'd sometimes like a feature where I can send a fission bomb to the site. No questions asked.
If they optimize firefox and reduce ram usage by ~40% does that mean instead of using 6GB of system ram total firefox will only use ~4GB? That is a win win situation. /rolleyes
Let users whitelist domains they trust and run those without this feature. Also run advertising domains for the same advertising companies in the same processes. Also kill advertising processes when they cause the browser to exceed a certain amount of performance. There are a lot of web sites out there that are slow because there are dozens upon dozens of advertising relating domains on them.
requested by users for over 15 years...
captcha: stagnant
Reading on this and the Chrome one, it seems this could be open to easy stealth-abuse by embedding several hundred iframes and slowing down everything.
Correct me if I am wrong.
I won't post a link to do it since I don't want to be responsible for some idiot potentially crashing their computer at work, but just duplicate <iframe src="google.tld"></iframe> and replace TLD with all of Googles ones. There's a few dozen of those.
I'm 99% sure it wouldn't work if you just copy-pasted Google.com since it likely isolates domains globally.
ADMITTEDLY this is minor since if you have a malicious site, you could do damage by embedding massive resolution images, screamers, window-open bombs, several hundred large GIF / canvas / SVG / DOM animations, etc.
If Firefox's implementation will be free software (or something that can easily become free software), Firefox will continue to allow anyone to inspect, modify, and share the software even commercially. This leads those who do such work to personally trust the code because they know what's in that code and if they find something they don't like (no matter how that is defined) they can improve the code (or get someone they trust to do this for them) and then they can distribute the improved code to help the community (including non-programmers, the majority of computer users). This also helps explain why other browsers including the Tor Browser derive from free software browsers such as Firefox.
Chrome, on the other hand, is nonfree software (proprietary, user-subjugating software); software which does not respect a user's software freedom. Therefore we can't determine all of what Chrome does, and if we find out it does something we don't like we have no permission to improve Chrome and distribute an improved version. Proprietary software developers are in a position of power over their users, which is an injustice to the users. So long as Chrome remains unvettable by its users Chrome remains untrustworthy by default. As the Free Software Foundation rightly points out, proprietary software is often malware: "the initial injustice of proprietary software often leads to further injustices: malicious functionalities". Any further assessment of Chrome means looking at proxies for its trustworthiness instead of going to the natural and logical place to make this determination—a program's source code. Then we get to the reputation of its developer—Google—a known participant in international mass surveillance (per Edward Snowden's leaks). It makes no sense to talk about the security and privacy benefits that come from a feature such as site isolation while relying on an inherently untrustworthy program to look out for your interests. You'll note that popularity of a program or its developer doesn't enter into any serious discussion of how much trust to place in these programs, or whether to recommend their use by others.
Digital Citizen
App makers need to stop assuming they can solve the security problem. They always need to break the veil of their own internal firewalls to gain speed. THey need to assume they will make a mistake. Meanwhile yawning right in front of them is the OS level Sandbox tools (e.g. on macs a DTRACE derivative) that allows the entite process and every child process to live insode a resource restricted firewall and possible even a chroot jail. Limit what ports or what filesystems or what other OS level resource the app can have and the damage it can do if it goes rogue is sharply limited.
these are really easy to do! they are built into OSX and Linux (maybe windows too? don't know) and they don't seem to affect performance. So why don't apps use these??
Some drink at the fountain of knowledge. Others just gargle.
chrome's new feature is "firefox-like". mozilla's been working on this for quite awhile now.. complete site isolation is the next evolutionary step from 'containers', which debuted in firefox 50 nightly and in amo as a mozilla-developed addon since fx 51.
firefox usage numbers have been decreasing ever since chrome's release. not because of the dumb things mozilla developers and leadership have done, but because they don't trick people into installing it (chrome as 'bundleware' on 'freeware' downloads), con people into thinking they "have to" (gmail, youtube, google banners, etc), don't regularly advertise on national television or in national publications (google and microsoft both do this).
despite its shortcomings, firefox is still the browser you should be using and the only browser you should be recommending to others. period.
Browser ARE using OS-level sandboxing internally.
Putting the entire browser into a single sandbox is possible but "the damage it can do if it goes rogue is sharply limited" isn't true. A compromised whole-brower-in-a-sandbox can listen to your microphone, watch your webcam, manipulate your online banking, access all your Web passwords, manipulate your Webmail, etc. It (maybe) can't mess with your other desktop applications but for many users that's of very little value.
Browsers are using those OS-level sandboxing tools to sandbox individual "content" subprocesses. A malicious site might exploit a bug to take over a content process, but those processes have very low rights compared to the main browser process. They typically can't access the filesystem at all, they can't directly access microphones and webcams (only indirectly, triggering browser UI to notify the user), etc.
Currently in Firefox code from different Web sites can share the same content process, which means a site compromising a content process can usually access content from other Web sites like online banking. This article is about improving Firefox so that is no longer the case.
This bullshit again. Firefox numbers are not dropping anywhere but in retarded cuntries full of retards where previously IE6 was dominant way longer than it was funny, and now its successor in spirit, Chrome, replaces its role.
Over here, nobody gives a fuck about Chrome.
..or does Mozilla seem to wait for Google to do something in Chrome before the react accordingly for Firefox?
Can Firefox even be considered open source software since the default inclusion of Pocket?
IMHO the biggest issue is the same issue as always.... the popup blocker does not block popups!
Otherwise I'm perfectly happy with FF.
32 Gb of RAM.
Domestic spying is now "Benign Information Gathering"
How is "Mozilla copies chrome" news?
Is that true even for containers?
Browser ARE using OS-level sandboxing internally.
That makes zero sense. The whole point of the OS-level sandbox is to contain the app. If part of the app is outside the sandbox it's a threat. Perhaps you mean they are launching child processes with OS-level sandboxing? I do not beleive this is correct. Last I looked they were simply emulating this. If they are then this is good news. But to the extent they can callback to the main app for resources then it's piercing the veil.
Putting the entire browser into a single sandbox is possible but "the damage it can do if it goes rogue is sharply limited" isn't true. A compromised whole-brower-in-a-sandbox can listen to your microphone, watch your webcam, manipulate your online banking, access all your Web passwords, manipulate your Webmail, etc.
No it can't access those. that's the point. You can give it permission to do those things if you want but the OS level sandbox can take away any resource it wants too since any /dev device can be restricted from access.
Browsers are using those OS-level sandboxing tools to sandbox individual "content" subprocesses. A malicious site might exploit a bug to take over a content process, but those processes have very low rights compared to the main browser process. They typically can't access the filesystem at all, they can't directly access microphones and webcams (only indirectly, triggering browser UI to notify the user), etc.
You say that but obviously they do access the microphones and access files, so they must be able to call processes outside the sandbox. Which isn't a sandbox.
Moreover your next paragraph also shows how they are not actually isolated from each other and share resources between sites.
Currently in Firefox code from different Web sites can share the same content process, which means a site compromising a content process can usually access content from other Web sites like online banking. This article is about improving Firefox so that is no longer the case.
good!
Containers in Firefox are just an add-on to Firefox, which generally means that it's written in Javascript. (And in this case it is) This inherently means that they do not have access to interact with the OS-level sandbox and therefore it does not impact roca's explanation.
I'll go back to Firefox when they give back the option to white list / disable java script (no, no-script doesn't cut it) and cookies in an easy, comprehensive and coherent way.
Please define "easy, comprehensive and coherent". If you want easy, install the "JavaScript Switcher" extension by Suraj Jain to give each domain an off switch.