Firefox 70: Site Isolation testing begins officially
Mozilla has been working on integrating site isolation in the Firefox web browser for a while. Called Project Fission, the goal is to improve security in the Firefox web browser by isolating content by site in the browser.
Firefox uses a multi-process system currently that divides website content and browser specific content using multiple processes. Multiple sites may share a process and one of the main goals of Project Fission is to isolate these, including cross-site iframes, entirely.
Google implemented site isolation in its Chrome browser in 2018 stating that the feature improved security and stability of the browser. Google noted however that the feature would increase memory usage by about 20% on average.
Firefox users could enable Fission when the Nightly version hit version 69 already but this was mostly useful for internal testing of functionality. Now, with the release of Firefox 70 Nightly comes an official "go" from the organization to test the new site isolation feature.
Site isolation is not enabled by default in the Firefox web browser at the time of writing. Users need to enable Fission to make use of it. When it is enabled, Firefox will load any cross-site iframe in its own content process.
When Fission is enabled, each cross-site iframe is loaded in a different content process, meaning lots of different processes participate in drawingÂ a single tab. The hover tooltip for a Fission-enabled tab is annotated with a "[F â€¦]" containing a series of process IDs, as shown in the image below, serving as a visual verification of an active Fission-enabled session.
You may hover over any tab in the Firefox web browser after enabling Fission to display the process IDs used by Firefox to display that website.
Site Isolation is still a work in progress. Mozilla notes that it should be used for testing and not day-to-day browsing as users may experience stability and functionality issues because of open bugs.
Firefox users may also check the remote processes listed on the about:support page of the web browser to list web isolated processes.
Site Isolation improves the stability and security of the Firefox browser when enabled at the expense of increased memory usage. Memory usage will likely increase by about the same percentage that Chrome's memory usage increased after the implementation; this would mean an increase of about 20%.
Mozilla has yet to pick a release target for the new feature.
Now You: What is your take on Fission in Firefox? (via Techdows)
Injecting custom styles does not work inside ifames – uBlockO cosmetic filtering does not work as it should.
“Injecting custom styles does not work inside ifames â€“ uBlockO cosmetic filtering does not work as it should.”
Are you saying that those features have never worked inside iframes, or that they will no longer work inside iframes if Fission or Containers are activated?
Also, is this documented somewhere, or is your statement based on your own observations?
Does not work *yet* with Fission. Not implemented.
I understand the difference between Electrolysis (E10s) and Fission.
However, and from a privacy/security point of view, it is not clear to me the difference between Fission and First-Party isolation (FPI)/Containers. If Fission isolates processes, FPI/Containers are going to be obsolete?
I will appreciate a clear answer.
Thank you in advance!
See my next comment ;)
Thanks Martin. Please, just to be clear:
If I don’t need containers to share cookies etc, if I look for clean private separate processes (protected from being tracked by other webpages), and if I activate Fission… then in this case containers are obsolete?
What about FPI? With Fission third-parties in same webpage will be able to track first-parties? Or Fission also isolates first-parties from third-parties on same webpage?
I apologies, still is confusing me.
When I talk to GoogleChrome’ users, they argue that FF’ FPI and Containers are obsolete with Google’ SiteIsolation. In addition, FF’ FPI and Containers have a lot of bugs and conflicts with add-ons, content blocking, ad-blockers etc. So, if Fission might make FPI & Containers obsolete… for me will be great!
I have to edit my initial comment.
There are three concepts:
Fission aka Site Isolation
Containers isolate sites from sites outside the container. You can put multiple into a container and they may share information if, e.g. the same tracking resources are loaded.
First-Party Isolation does more-or-less what Containers do, but for each site individually. Means: If the feature is enabled, you don’t need to use Containers for blocking tracking. Containers may still be useful for other purposes, e.g. automatic clearing of data in a container.
Fission / Site Isolation moves sites and cross-site iframes into their own process; this isolates them from one another which improves security.
Thanks again Martin! I liked your edition : ) … it is a bit more clear now (LOL). However, at the same time is still a bit confusing (LOL).
You know what? Here is a suggestion for another great future GHacks’ article: “The difference between FPI, Containers, Fission… and different uses, applications, cases, scenarios etc”. I’m sure it will be a very interesting article, because each time I ask the same questions, I receive a different answer. And I already asked Firefox’ employees, Devs, tech-guys, advanced-users etc etc… everyone has a different answer… a symptom that the subject is confuse or not clear.
At the end, what really I want to know is the redundancy of functions, and browser performance issues. For example, thanks to your explanation, now I know that Containers are a kind of obsolete if FPI is active, if user has ads-tracking-blocker, third-party-cookies-blocked, and if user has Nightly (cleaning browser content at least 3 times per day due to Nightly’s updates). Yeah, you’re right, Containers still might be useful for some users. But in my example, and based on your explanation, seems that Containers can be disabled. And why to disable? Because bugzilla is full of Containers bugs (FPI’ bugs, content-blocking bugs etc).
So please, if possible, an article describing what can be replaced and when, or what will be the best privacy/security procedure, or the best browser performance settings etc… this article will be more than welcome.
Thanks in advance!
that’s great, but why another unclear name to remember? shouldn’t these be as clear as possible?
We’re no longer in the Browser wars, these are the Bloat wars. It’s a competition to see who can chew up the most ram to become biggest, fattest browser on the planet.
The Browser wars are dead along with democracy and anti competitive laws. Mozilla is Edgar wearing it’s former hosts skin, more sugar in the water you peons.