Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Is Working On a Chrome-Like 'Site Isolation' Feature For Firefox (bleepingcomputer.com)

Posted by BeauHD on from the behind-the-scenes dept.

An anonymous reader writes: "The Mozilla Foundation, the organization behind the Firefox browser, is working on adding a new feature to its browser that is similar to the Site Isolation feature that Google rolled out to Chrome users this year," reports Bleeping Computer. "[Chrome's] Site Isolation works by opening a new browser process for any domain/site the user loads in a tab." The feature has been recently rolled out to 99% of the Chrome userbase. "But Chrome won't be the only browser with Site Isolation," adds Bleeping Computer. "Work on a similar feature also began at Mozilla headquarters back in April, in a plan dubbed Project Fission." Mozilla engineers say that before rolling out Project Fission (Site Isolation), they need to optimize Firefox's memory usage first. Work has now started on shaving off 7MB of RAM from each Firefox content process in order to bring down per-process RAM usage to around 10MB, a limit Mozilla deems sustainable for rolling out Site Isolation.

1 of 57 comments (clear)

  1. Re:One more time with feeling: OS level sandbox by roca · · Score: 4, Insightful

    Browser ARE using OS-level sandboxing internally.

    Putting the entire browser into a single sandbox is possible but "the damage it can do if it goes rogue is sharply limited" isn't true. A compromised whole-brower-in-a-sandbox can listen to your microphone, watch your webcam, manipulate your online banking, access all your Web passwords, manipulate your Webmail, etc. It (maybe) can't mess with your other desktop applications but for many users that's of very little value.

    Browsers are using those OS-level sandboxing tools to sandbox individual "content" subprocesses. A malicious site might exploit a bug to take over a content process, but those processes have very low rights compared to the main browser process. They typically can't access the filesystem at all, they can't directly access microphones and webcams (only indirectly, triggering browser UI to notify the user), etc.

    Currently in Firefox code from different Web sites can share the same content process, which means a site compromising a content process can usually access content from other Web sites like online banking. This article is about improving Firefox so that is no longer the case.