Clever Geek Handbook

Firefox unveils new browser security architecture with site isolation

Firefox, like any other browser, can download code from untrustworthy and potentially dangerous sites and then run it on your computer. To protect users and take Internet security to the next level, the Mozilla team decided to redesign their browser.





The new site isolation security architecture extends existing security mechanisms by separating content. Now a separate operating system process will be created for each site. This will completely isolate code from different sites. In particular, to provide protection against malicious resources trying to gain access to confidential information from other sites visited by users. For example, entered passwords, credit card numbers, etc.





To protect data, Firefox uses various security mechanisms, such as the Same Origin Policy (Domain Restriction Rule ), which restricts the interaction of information from different sources. That is, it prevents attackers from accessing information from other resources loaded in the same application. But this is not enough. To protect users from potential threats, you should completely separate the memory space allocated to different sites - the new architecture of Firefox provides these security guarantees.





Why Sharing Memory Space Is So Important

In early 2018, security researchers discovered two major vulnerabilities known as Meltdown (a hardware vulnerability that exploits a speculative execution bug in some Intel and ARM processors that causes the processor to ignore page permissions.) And Specter (a group of hardware vulnerabilities in most processors that allows reading data through a third-party channel). Experts have demonstrated how an untrustworthy site can give attackers access to process memory even in such a high-level language as JavaScript (which almost every site runs on).





, -. , . .





Firefox , . , , Spectre.





Firefox , . , : www.my-bank.com www.attacker.com.  , .  www.attacker.com Spectre, my-bank.com.





, – .





Firefox ( ), -. , , .





Firefox , .  , , .





, , .  , , , API-, .





Firefox ( 2021 .) : -, - - -, , .





, Mozilla, , , .  , Firefox , .





? : www.my-bank.com, www.getpocket.com, www.mozilla.org www.attacker.com.  , my-bank.com attacker.com , . , Spectre my-bank.com.





: , . (, ), . , . Firefox .





Firefox

Firefox . , «https://mozilla.org» «http://getpocket.com», , .





https://getpocket.com ( , https, http, ) . .





, , «.github.io» «.blogspot.com», , , «».  Firefox    (eTLD), .





«github.io» eTLD, «a.github.io» «b.github.io» .  , , www.my-bank.com www.attacker.com , . , .





. , « », , .





, www.attacker.com www.my-bank.com, .  , .





Firefox .  :





  • , , .





  • - «».





  • - , , , .





Firefox - .  . Nightly Beta   :





Firefox Nightly:





  1. about: Preferences#Experiment





  2. «Fission (Site Isolation)».





  3. Firefox.





Firefox Beta:





  1. about: config.





  2. `fission.autostart` `true `.





  3. Firefox.





.





 Cloud4Y





→  Nginx, - -





→  :





→  : vCloud API





→  vApp VMware vCenter + ESXi





→ 





 Telegram-, . .







More articles:


All Articles