Firefox's Project Fission: better security and more processes - gHacks Tech News

Firefox's Project Fission: better security and more processes

Mozilla is working on a new process model for the Firefox web browser to enable full site isolation in the browser once rolled out.

Firefox's current process model runs the browser user interface and web content in separate processes. Web content is further divided into several processes and you can check out how many by loading about:support in the browser's address bar.

Firefox's current system limits web content processes so that content from different sites may end up in the same process. Cross-site iframes loaded in a tab use the same process as the parent currently.

Project Fission

project fission

Mozilla's Project Fission, the codename for the new process model, aims to change that by separating cross-site iframes from their parent to improve security and stability. What that means is that Firefox will create processes for any iframe loaded on a site in individual processes.

Mozilla follows Google's implementation. Google introduced site isolation in Google Chrome last year to limit render processes to individual sites. Google concluded back then that site isolation would improve security and stability of the browser. The downside to using site isolation was that Chrome would use more memory. Initial tests revealed that Chrome used about 20% more memory with site isolation fully enabled in the browser.

Mozilla wants to reach milestone 1 in February 2019; the organization has not set a target for inclusion in stable versions of Firefox as it is a mammoth project that requires effort from nearly any Firefox engineering team.

Milestone 1 lays the groundwork for full site isolation in the Firefox web browser. Firefox users interested in the progress that Mozilla makes in this regard may head over to Bugzilla@Mozilla to follow development closely.

Project Fission, full site isolation, protects Firefox from new Meltdown or Spectre CPU flaws that may be discovered in the future. Mozilla patched Firefox to protect against discovered flaws but under Firefox's current architecture, Mozilla would have to adjust Firefox each time a new flaw would be discovered.

With site isolation, Firefox would block any future exploits that may be discovered and improve security and stability generally as well. The trade-off is that Firefox will use more memory once full site isolation launches in the browser. It is too early to tell by how much memory usage will increase; if you assume that it will be in Google's 20% ballpark, it could very well become a problem for some configurations.

Now You: What is your take on Project Fission / full site isolation?

Summary
Firefox's Project Fission: better security and more processes
Article Name
Firefox's Project Fission: better security and more processes
Description
Mozilla is working on a new process model for the Firefox web browser to enable full site isolation in the browser once rolled out.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. jupe said on February 7, 2019 at 12:08 pm
    Reply

    I see the benefits of implementing this, but am happy with the current implementation / memory levels, and IMO the average user will maybe notice a memory increase as being bad without understanding the underlying benefits / cause.

    1. Anonymous said on February 8, 2019 at 3:06 am
      Reply

      “Look, Firefox uses more memory!” – Googlesoft propaganda.

  2. Anonymous said on February 7, 2019 at 12:22 pm
    Reply

    If they really cared about Spectre/Meltdown and other timing related security and privacy problems such as history leaking they would stop giving websites high resolution timers for performance telemetry and they wouldn’t have removed the pref to disable web workers for those who want to.

    https://bugzilla.mozilla.org/show_bug.cgi?id=1434934#c8
    https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

    But sites needs seem more important than users security when those conflict.

    Unrelated but latest example of their “security” mindset : storing payment credentials in the browser and giving sites an API to access it under some conditions. Security and privacy disaster just waiting to happen when this gets exploited (and a bonus if they get sent to Google via account sync on Chrome, I didn’t check that). The only justification for implementing that ? Users won’t have to lose a few seconds to find and type their credit card number, so they’ll buy more on e-commerce sites.

    Spending so many man-hours on building very elaborate security mechanisms like this Project Fission and then ruining all security credibility by introducing themselves such trivial vulnerabilities…

  3. Weilan said on February 7, 2019 at 1:24 pm
    Reply

    I’m using Firefox and I like it, but it feels like they’re copying Chrome even more with the multiple processes.

  4. Mike W. said on February 7, 2019 at 5:20 pm
    Reply

    I have 8gb of non-upgradeable RAM on my laptop, which I have never come close to maxing out using Firefox or any other browser. That being said, for those with 2-4GB of RAM systems, I could see how this would be annoying and a negative. Still, selfishly I will appreciate the increased security.

    1. user17843 said on February 7, 2019 at 5:55 pm
      Reply

      https://data.firefox.com/dashboard/hardware

      Data suggests 20% of Firefox users are <3 GB

      1. Mike W. said on February 7, 2019 at 9:58 pm
        Reply

        True, and it will stink for those that have 3GB or less going forward. That being said, that same data indicates that the number of people with 8 or more GB of RAM is rising and I doubt that trend will slowdown as lower memory systems are phased out of the marketplace. Outside of REALLY low-end Windows hardware (which nobody should buy if they want a pleasant experience) and ChromeOS, it’s really hard to find a new laptop with less than 4GB of RAM anymore. Even phones with 4GB of RAM (on the Android side) are becoming rarer as OEM’s from China throw in 6-8 GB as a sales tactic.

      2. GoalPost Movers Hunter said on February 12, 2019 at 3:10 pm
        Reply

        Why are you moving the goalposts? more than 30% of Firefox users have only 4Gb, so if you add that to the 2-4 range you get a very sizeable chunk of Firefox users. Also even if it was only 20% of users who only have 2-4Gb of RAM then it’s still significant. Heck, even for Android users, it’s still significant.

  5. Dilly Dilly said on February 7, 2019 at 5:47 pm
    Reply

    Hopefully Palemoon gets Site Isolation along with WebRender.

    1. Weilan said on February 7, 2019 at 5:58 pm
      Reply

      WebRender is a thing after Firefox 57 (Quantum), maybe Firefox 64, for Palemoon to get it, it has to start using Firefox 64 as a base. And I think they use this old version of Firefox 27 as a base, because they have something in mind. If they update to Firefox 64, it will defeat the purpose of Palemoon. Also the reason for Basilisk to exist is because Palemoon already has compatibility issues with many websites.

      1. Ascrod said on February 7, 2019 at 10:36 pm
        Reply

        Considering that this Site Isolation would require a multi-process architecture that would break a lot of the browser’s extensibility, I doubt Pale Moon will adopt something like this any time soon.

        @Weilan please re-check your facts. The platform that Pale Moon and Basilisk both use is mostly based on Firefox 52-55, not 27; there are not that many differences between them in terms of compatibility.

  6. Sebas said on February 7, 2019 at 6:06 pm
    Reply

    I am glad they will implement it . Always feel a bit more secure with Brave browser, when I am clicking on new tech blog sites, preferably with Sandboxie. First party isolation extension can be removed then I guess.

  7. noemata said on February 8, 2019 at 9:05 am
    Reply

    who cares. really.

    sören hentzschel wrote in a comment: “advertising is an integral part of the web and necessary for economic reasons.”

    (https://www.soeren-hentzschel.at/firefox/firefox-67-cryptomining-fingerprinting-blocker/#comment-32172)

    that’s firefox in these days. avoid this browser, it’s enough. don’t be fooled into believing that this cancer is an “integral part of the web”. an integral part of the web is a functioning blocker against this cancer (if you want to support someone, like martin on ghacks, please do so via paypal or whatever)

    this goes even more to the linux community, which offers this browser by default, often even as the only (simple/tweak-free) repo – alternative. in the official fedora & manjaro & mint & opensuse & .. … forum they didn’t even know that ff phones to google via safe-browsing and that you are dealing with 2 policies here (linux fork or not). and that’s just the tip of the iceberg, as almost everyone here knows.

    1. foolishgrunt said on February 8, 2019 at 8:42 pm
      Reply

      And the award for the “most irrelevant cantankerous rant” goes to…

      1. noemata said on February 9, 2019 at 10:09 am
        Reply

        ad hominem. like most of the time, when it comes to this.

  8. John IL said on February 8, 2019 at 11:18 pm
    Reply

    I gave up on Chrome because their site isolation was using more RAM for protection from something that only exist on paper. Of course Firefox has to follow Chrome’s lead and create something similar. I find it disturbing how many patches and firmware we have thrown and the Spectre stuff without a hint of it being exploited. I’m fine with the tin foil hat people getting more assurance. But give us all a off switch so we don’t have to use any of it unless its needed.

    1. William Bobbleneck said on February 10, 2019 at 7:17 pm
      Reply

      Its really not that bad if being honest. Some of us here still use older processors like the intel 2nd generation i7, which only has one of the big cpu exploits of 2018 fixed, rather than both meltdown and spectre. Plus there’s a reason why you have ram in the first place and its to use it. Obviously a program shouldn’t be wasting it on pointless garbage/features but this update is somewhat necessary.

  9. Meredith said on February 13, 2019 at 7:54 am
    Reply

    I disabled multi processes some time ago in a haphazard elimination of suspects attempt to prevent FF from hogging ridiculously large amounts of memory (up to 12GB of 16GB!) which caused the browser to come to a grinding halt. I’m loathe to re-enable it. Any advice? TIA.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.