Firefox 110 will launch with GPU Sandboxing on Windows
Mozilla plans to enable GPU sandboxing in Firefox 110 Stable for Windows in February 2023. GPU sandboxing improves Firefox security by applying isolations to the GPU process.
A sandbox isolates a process so that malware can't be used directly to attack other processes on a device. The malware has to find a way to escape the sandbox to run its attacks on the system.
Firefox supports several sandboxes already, e.g., for content and socket processes.
GPU sandboxing has been in development for six years. It is a major milestone for Mozilla as it addresses one of the main criticisms leveled against Firefox's sandboxing model.
The first iteration of the sandbox will launch weakened, as work on a filesystem related issue is ongoing. The issue, which Mozilla hopes to have resolved by Firefox 112, caused breakage of the shader cache. Engineers resolved this by giving the sandboxed GPU process full access to the filesystem on Windows.
The breakage of the shader cache was observed on some machines only, and additional time is required to investigate the issue and find a solution for the issue.
Once the issue is resolved, full access is revoked and GPU sandboxing works as expected in the Firefox web browser.
Mozilla confirmed the intention to launch GPU sandboxing in Firefox 110 for Windows on the organization's Bugzilla website. There, it confirmed that Firefox 110 will be the first stable release of the web browser that supports the feature by default.
GPU sandboxing has been enabled on Beta, Developer and Nightly versions of the Firefox web browser for some time.
The Firefox preference security.sandbox.gpu.level determines whether GPU sandboxing is enabled. A value of 0 means that it is disabled, a value of 1 that it is enabled.
Firefox users may check the status of sandboxing in the following way on their devices:
- Load about:support in the web browser's address bar, or select Menu > Help > More troubleshooting information.
- Scroll down to the Sandbox section near the bottom of the page (search for Sandbox to get there quicker).
Firefox lists the status and level of each sandbox. Higher levels mean tighter restrictions.
Firefox 110 is scheduled for a release on February 14, 2023.