Firefox security update looks to make getting online safer than ever By Mayank Sharma about 19 hours ago https://www.techradar.com/news/firefox-security-update-looks-to-make-getting-online-safer-than-ever
Mozilla is currently testing a major new security feature for its Firefox browser which will separate every website into its own process. Site Isolation is designed to prevent Spectre-like side-channel attacks in the popular open source browser. In addition to enhancing security, Site Isolation will make Firefox faster and stable as well In a blog post, Anny Gakhokidze, a Senior Platform Engineer at Mozilla working on Site Isolation, explains that it builds upon a new security architecture that extends current protection mechanisms of the browser by making it load each site in its own operating system process. “To fully protect your private information, a modern web browser not only needs to provide protections on the application layer but also needs to entirely separate the memory space of different sites—the new Site Isolation security architecture in Firefox provides those security guarantees,” writes Gakhokidze. In the current scheme of things, upon launch Firefox starts a privileged parent process, which further spawns eight processes for web content, and a maximum of two additional semi-privileged web content processes, along with four utility processes for web extensions, GPU operations, networking, and media decoding. Gakhokidze explains that while separating the content into eight processes is pretty secure in itself, this arrangement still makes it possible for a malicious site to be placed in the same process as another trusted site. Since all websites inside a process share the same memory, the untrusted site will be able to read the contents of the shared memory. This gets particularly dangerous when you consider the fact that all online ads, and embedded pages are placed into the same process as the parent page. Isolated silos However, with Site Isolation, not only will all websites exist in their own process, each of the embedded elements that are not part of the same site will also be allocated their own processes. Besides the security benefits of such an arrangement, Gakhokidze also lists a few other advantages as well. For starters, using more processes to load websites will enable Firefox to efficiently use available resources by spreading work across different CPU cores. Also, thanks to the siloed approach, tab crashes will not have any impact on websites loaded in different processes. The Site Isolation feature is currently being tested in nightly and beta builds of the browser, and will make its way into the stable release when the developers consider it to be stable. Via ZDNet _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
