Security Engineering has started a project to harden Firefox against attack in
a post-sandboxed world. It’s early days yet for sandboxing, but conscious of
the work required, I wanted to raise sandboxing as a topic for discussion, and
request input towards developing a sandbox security model.
The goal of the hardening project is to make Firefox resilient, even when a
content process is compromised. Having a restrictive sandbox is not an
effective security control if a weak security model or IPC implementation
flaws lead to privilege escalation. To this end, several efforts are underway:
- Auditing and Testing IPC mechanisms, including:
  - Improving fuzzers to focus on IPC bugs (1320851)
  - Auditing IPC mechanisms (IPDL 1041862, MessageManager 1040184)
- Reviewing Firefox components with respect to sandbox controls
In this latter task, I’ve started documenting the sandbox security model at
& . It is very much a work in progress, however. I’ve contacted some groups
directly, but would appreciate any input here. Please seek me out via email, at
the all hands (Firefox homeroom) and/or attend the combined session we are
running with the Platform Integration team on Friday at 1pm.
<https://wiki.mozilla.org/Security/Sandbox/Hardening> WIP, please help!
dev-platform mailing list