Mozilla is currently testing a new security architecture for its Firefox browser in the nightly and beta channels that places each site into its own operating system process.
As it currently stands, when Firefox launches, it starts a privileged parent process, eight processes for web content, up to two additional semi-privileged web content processes, and four utility processes for web extensions, GPU operations, networking, and media decoding.
With a fixed number of content processes, a malicious site can be placed into a process already in use by another site, giving it access to that process's shared memory. Using a Spectre-like attack, the malicious site could then read data belonging to other sites in the same process.
At present, any ads, embedded pages and subframes are placed into the same process as the parent page regardless of whether they belong to the same site. With Site Isolation, each embedded element that is not part of the same site gets its own process, with the client operating system providing the memory protections and security guarantees. Mozilla senior platform engineer Anny Gakhokidze commented:
“In a more dangerous scenario, a malicious site could embed a legitimate site within a subframe and try to trick you into entering sensitive information. In the case of a successful Spectre-like attack, a top-level site might access sensitive information it should not have access to from a subframe it embeds (and vice-versa) — the new Site Isolation security architecture within Firefox will effectively make it even harder for malicious sites to execute such attacks.”
Additionally, Firefox will treat http and https versions of a site as different sites, meaning they get put in separate processes. The feature will make use of a community-maintained list of domains that function as effective top-level domains and need to have each subdomain treated as a separate site.
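To make the site boundary described above concrete, here is an added illustration (not Mozilla's or Firefox's code) of how a URL can be reduced to a site key of scheme plus registrable domain, using a small constructed subset of public-suffix rules in place of the real community-maintained list:

```python
from urllib.parse import urlsplit

# Constructed, hypothetical subset of public-suffix rules for illustration only.
# The real list (publicsuffix.org) is far larger and also has wildcard and
# exception rules, which this simplified lookup does not model.
PUBLIC_SUFFIXES = {"com", "org", "uk", "co.uk", "io", "github.io"}


def effective_tld_plus_one(host: str) -> str:
    """Return the registrable domain: the longest matching public suffix
    plus one more label. A host that is itself a suffix is returned as-is."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the full host toward the TLD so "co.uk" is found before "uk".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIXES:
            return candidate if i == 0 else ".".join(labels[i - 1:])
    # No rule matched: fall back to the last two labels (the "*" default rule).
    return ".".join(labels[-2:])


def site_key(url: str) -> tuple[str, str]:
    """Scheme plus registrable domain: the unit used to assign a process.
    http and https versions of the same host deliberately get different keys."""
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError(f"no host in {url!r}")
    return (parts.scheme.lower(), effective_tld_plus_one(parts.hostname))


def shares_process(url_a: str, url_b: str) -> bool:
    """True if the two URLs would be isolated into the same content process."""
    return site_key(url_a) == site_key(url_b)


if __name__ == "__main__":
    # Subdomains of one registrable domain share a site; an effective TLD
    # such as github.io splits its subdomains into separate sites.
    print(shares_process("https://a.example.com", "https://b.example.com"))  # True
    print(shares_process("http://example.com", "https://example.com"))       # False
    print(shares_process("https://alice.github.io", "https://bob.github.io"))  # False
```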
Gakhokidze added that the new architecture will improve Firefox in other ways: one site consuming compute resources or undergoing garbage collection should not “degrade the responsiveness” of other pages, nor should a page crash affect pages in other processes.
Site Isolation was first unveiled for Firefox at the start of 2019, when it was dubbed Project Fission. Chrome has had its own version of isolation for some time. Users running Firefox Nightly who want to enable Site Isolation can head to about:preferences#experimental, toggle the Fission checkbox and restart. Those running the beta or release channel need to head to about:config, set fission.autostart to true, and restart.
A number of known issues listed on the Project Fission page include excessive memory usage and problems with X11 connector exhaustion to content.