Mozilla has already started Site Isolation testing in Firefox


Mozilla has announced the start of large-scale testing, in the beta and nightly versions of Firefox, of the site isolation mode developed by the Fission project.

The mode expands the use of the multi-process architecture: instead of a fixed group of processes, a separate process is created for each site. Activation of Fission mode is controlled by the variable “fission.autostart = true” in about:config or on the page “about:preferences#experimental”.

We are pleased to announce that Firefox’s new site isolation architecture is coming together. This fundamental redesign of the Firefox security architecture extends current security mechanisms by creating operating system process-level limits for all sites uploaded to Firefox for desktop. Isolating each site in a separate operating system process makes it even more difficult for malicious sites to read the secret or private data of another site.

We are currently finalizing Firefox’s site isolation feature by allowing a subset of users to benefit from this new security architecture on our Nightly and Beta channels and planning a rollout for more of our users later this year.

Recall that the multi-process model used in Firefox until now launched a group of processes: by default, 8 main processes for processing content, 2 additional non-privileged processes for web content and 4 auxiliary processes for plugins, interaction with the GPU, network operations and decoding multimedia data.

Tabs were distributed among these processes arbitrarily. For example, a banking website and an untrustworthy, questionable resource could end up being handled in the same process.

The new mode moves the processing of each site into a separate process, dividing not by tabs but by domains, which additionally isolates the content of external scripts and iframe blocks. To keep typical service subdomains that belong to different sites apart, the separation is applied not by formal domains but by effective top-level domains (eTLDs) listed in the Public Suffix List.
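The grouping rule described above can be sketched as follows. This is an added example, not Mozilla's code: the rule list is a small constructed excerpt of the Public Suffix List, the grouping key (scheme plus eTLD plus one label) is an assumption of the example, and the function names and sample URLs are hypothetical.

```javascript
// Constructed excerpt of Public Suffix List rules; the real list is far larger.
const PSL_RULES = ["com", "uk", "co.uk", "github.io", "*.ck", "!www.ck"];
const exact = new Set(), wildcard = new Set(), exception = new Set();
for (const r of PSL_RULES) {
  if (r.startsWith("!")) exception.add(r.slice(1));
  else if (r.startsWith("*.")) wildcard.add(r.slice(2));
  else exact.add(r);
}

// Label count of the host's public suffix (eTLD): longest rule wins,
// an exception rule overrides, and the implicit "*" rule is the fallback.
function suffixLength(labels) {
  let best = 1;
  for (let i = 0; i < labels.length; i++) {
    const tail = labels.slice(i).join(".");
    const n = labels.length - i;
    if (exception.has(tail)) return n - 1;
    if (exact.has(tail)) best = Math.max(best, n);
    if (i > 0 && wildcard.has(tail)) best = Math.max(best, n + 1);
  }
  return best;
}

// Hypothetical grouping key (assumption): scheme + eTLD plus one label.
function siteKey(url) {
  const u = new URL(url);
  const host = u.hostname;
  const isIp = /^[\d.]+$/.test(host) || host.startsWith("[");
  const labels = host.split(".");
  const n = suffixLength(labels);
  // IP literals and hosts that are themselves a public suffix keep the full host.
  const site = isIp || labels.length <= n ? host : labels.slice(-(n + 1)).join(".");
  return `${u.protocol}//${site}`;
}

// Bucket URLs the way a per-site process model would.
function groupBySite(urls) {
  const groups = new Map();
  for (const url of urls) {
    const key = siteKey(url);
    groups.set(key, [...(groups.get(key) || []), url]);
  }
  return groups;
}

// Constructed sample of tab and iframe URLs.
const SAMPLE = ["https://login.bank.example/account", "https://static.bank.example/app.js",
  "https://alice.github.io/", "https://mallory.github.io/", "https://shop.example.co.uk/"];
for (const [site, urls] of groupBySite(SAMPLE)) console.log(site, urls);
```

The two bank.example hosts land in one group, while the two github.io users are kept apart because github.io is itself a public suffix.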

The mode makes it possible to block side-channel attacks, for example those associated with Spectre-class vulnerabilities, which lead to information leakage within a single process. Leakage of sensitive data processed in the same process is possible when running untrusted external code in JIT engines and virtual machines.

In the context of web browsers, malicious JavaScript code from one site can retrieve information about passwords and credit card numbers entered on another site that is handled in the same process.

Initially, to protect against side-channel attacks, browser developers limited the accuracy of the timer and blocked access to the SharedArrayBuffer API, but these measures only complicated and slowed down the attack (for example, a method was recently proposed for retrieving data from the CPU cache that works with no JavaScript at all).

Other advantages of strict isolation mode include reduced memory fragmentation, more efficient return of memory to the operating system, less impact from garbage collection and compute-intensive pages on other processes, more efficient load balancing across CPU cores, and greater stability (a blocked process handling an iframe does not drag the main site and other tabs down with it).

Known issues when using Fission include a marked increase in memory consumption, X11 connections and file descriptors when a large number of tabs is open, some add-ons no longer working, loss of iframe content when printing and when calling the screenshot function, reduced effectiveness of iframe document caching, and loss of the content of completed but not submitted forms when a session is recovered after a crash.

Finally, if you are interested in knowing more about it, you can consult the details at the following link.
