First bit of Firefox's Sandbox lands in Nightly for Windows

Martin Brinkmann
Dec 1, 2014
Updated • Dec 1, 2014
Firefox
|
4

One of the reasons why Mozilla is working on a multi-process architecture for Firefox is that it paves the way for a browser sandbox.

The sandbox that the team plans to implement is platform independent and uses the process as security boundary.

Mozilla is using Google's Open Source sandbox that the company uses in Chromium and Google Chrome as the basis for Firefox.

While Mozilla could write its own implementation from scratch, it does not make sense to do so considering that Google's sandbox is available as open source and that the end result would look very similar to it but would take a considerable amount of resources to create.

The Firefox content sandbox works only with e10s enabled. This is currently only the case for Nightly builds of the browser and since sandbox code is only available in Nightly, it can only be tested in that version of the browser.

Mozilla has enabled a non-restrictive Sandbox on Windows with e10s enabled by default to make sure it works correctly before any other code is added to it.

A new patch has been created a couple of days ago that lands in Firefox Nightly shortly. It only affects the Windows version of it and will enable a "non-restrictive sandbox on the Windows content sandbox by default".

According to this bug report, it does the following:

Changing the lock-down access token from USER_RESTRICTED_SAME_ACCESS to USER_NON_ADMIN is the only restriction that we believe we can currently put in place without breaking things.

This changes the access permissions of the process so that they are more restrictive.

Check out the Sandbox wiki entry on Mozilla which offers additional information about the sandbox implementation in Firefox.

The sandbox itself is controlled by the preference browser.tabs.remote.sandbox in about:config. You can only enable it if e10s is enabled as well.

According to Sören Hentzschel, there will be another preference that you can use to make the sandbox more strict on Windows. The preference's name is security.sandbox.windows.content.moreStrict  and you need to set it to true and restart the browser.

It is unclear at this point in time what it does however so that it is generally not recommended to change it. Besides that, it is not currently listed as a preference in the latest version of Firefox Nightly.

Now You: What's your take on sandboxing in Firefox?

Summary
First bit of Firefox's Sandbox lands in Nightly for Windows
Article Name
First bit of Firefox's Sandbox lands in Nightly for Windows
Description
A rudimentary sandbox is enabled on Firefox Nightly versions on the Windows operating system today. We offer information on the implementation.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Anonymous said on December 4, 2014 at 4:42 am
    Reply

    Firefox needs a sandbox badly. I love the browser but it is missing some critical features. See here:
    http://www.howtogeek.com/165264/heres-why-firefox-is-still-years-behind-google-chrome/

  2. Peter (NL) said on December 1, 2014 at 11:35 am
    Reply

    @Martin: Do you know how the memory usage is for this ‘sandboxed’ Firefox ? Is it a similar memory hog like Googles Chrome ?

    1. Caspy7 said on December 2, 2014 at 3:23 pm
      Reply

      Here’s a very relevant link for your question.
      https://billmccloskey.wordpress.com/2013/12/05/multiprocess-firefox/#mem
      The whole post is pretty interesting/educational so you’re welcome to scroll up and read more (I know some of it directly below gets fairly thick technically for my tastes).

      One detail that I don’t think he spends enough time driving home is that I *think* multiprocess in Firefox may start out with the web content (of all tabs) in only one process. I believe the numbers he shares are of just such a model. Though, as Martin indicated, he seems confident that they can keep the increased usage to a minimum (through things such as shared caches).
      The way he speaks about it caused me to question my understanding that multiprocess just takes a bunch of memory and implies that Chrome just sucks at memory management.

    2. Martin Brinkmann said on December 1, 2014 at 11:54 am
      Reply

      I think most of the memory usage is used by the multi-process architecture in Chrome. Mozilla stated before that e10s won’t increase memory usage by a lot.

      Guess we have to wait for a full implementation though before we can come to a conclusion.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.