Home Browsers Firefox previews site-isolation tech in move to catch up to Chrome

Firefox previews site-isolation tech in move to catch up to Chrome

40
0

Mozilla on Tuesday announced that a years-long effort to harden Firefox’s defenses can now be previewed in the browser’s Nightly and Beta builds.

Debuting as “Project Fission” in February 2019, the project was also linked to the more descriptive “site isolation,” a defensive technology in which a browser devotes separate processes to each domain or even each website, and in some cases, assigns different processes to site components, such as iframes, so they are rendered separately from the process handling the overall site.

The idea is to isolate malicious sites and components — and the attack code they harbor — so one site cannot exploit an unknown vulnerability or one still unpatched, then plunder the browser, or the device, or a device’s memory of crucial information. That information could include authentication credentials, confidential data, and encryption keys.

“Site Isolation builds upon a new security architecture that extends current protection mechanisms by separating (web) content and loading each site in its own operating system process,” senior platform engineer Anny Gakhokidze wrote in a May 18 post to Mozilla’s Hacks site. “To fully protect your private information, a modern web browser not only needs to provide protections on the application layer but also needs to entirely separate the memory space of different sites,” she continued.

Remember Spectre? How about Meltdown?

Site Isolation wasn’t new when Mozilla brought it up two years ago.

The term had been used by Google in late 2017, when it began talking about new defensive features it would add to Chrome and implementing the first iteration of the technology. Although the Mountain View, Calif. company had been working on site isolation for much of that decade, it added the technology to Chrome in late 2017 and waited until mid-2018 to switch it on for most users.

Fortuitously, site isolation was an answer to Spectre and Meltdown, entirely new classes of vulnerabilities that went public in early 2018. The flaws, which were found in a vast array of hardware, notably PC and server processors, as well as in software — particularly browsers — caused an instant sensation and an industry-wide mitigation effort on the part of everyone from Intel and Lenovo to Microsoft and Google, whose engineers had been the ones to uncover Spectre.

Mozilla, like other browsers not crafted by Google, was forced instead to create ad hoc defenses against Spectre and Meltdown. But it also pledged to follow Chrome’s lead to site isolation, even though that work would require it to “revamp the architecture of Firefox,” obviously a major undertaking.

Copyright © 2021 IDG Communications, Inc.

LEAVE A REPLY

Please enter your comment!
Please enter your name here