According to recent reports, Mozilla is testing a major new Site Isolation security architecture for its Firefox browser that will split each website into its own process.
The current Mozilla scenario:
In the current scenario, launching Firefox starts a privileged parent process, which then spawns eight processes for web content, a maximum of two additional semi-privileged web content processes, and four utility processes for web extensions, GPU operations, networking, and media decoding.
With this arrangement, a malicious website could be loaded into a process that is already in use by another site, giving it access to the shared process memory.
Using a Spectre-like attack, the malicious site could access data from other sites in the same process.
This also means that embedded pages, subframes, or ads could be placed into the same process as the parent page even though they are not from the same site.
With Site Isolation, each embedded element that is not part of the same site will have its own process, with the client operating system providing memory protections and security guarantees.
In a blog post, Mozilla engineer Anny Gakhokidze says that the same scenario could result in users being duped into supplying sensitive data.
“In the case of a successful Spectre-like attack, a top-level site might access sensitive information it should not have access to from a subframe it embeds (and vice-versa),” she notes.
The Site Isolation feature:
The new Site Isolation security architecture, which Mozilla is now testing in Firefox, will make it harder for malicious sites to execute such attacks.
Additionally, Firefox will treat http and https versions of a site as different sites, meaning they get put in separate processes.
The Site Isolation feature will use a community-maintained list of domains that work as effective top-level domains and need to have each subdomain treated as a separate site.
The new feature will also help Firefox in other ways: one site chewing up compute resources or having its garbage collected should not “degrade the responsiveness” of other pages, nor should a page crashing impact pages in other processes.
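The site rule from the two paragraphs above, modelled as an added example (this is not Firefox code): a site is taken to be the scheme plus the registrable domain, and `EFFECTIVE_TLDS`, `siteOf`, `mayShareProcess`, `planProcesses` and the sample URLs are hypothetical names and constructed data.

```javascript
// Constructed stand-in for the community-maintained effective-TLD list
// (a handful of sample entries, not the real list).
const EFFECTIVE_TLDS = new Set(["com", "org", "co.uk", "github.io"]);

// Return the "site" a URL belongs to: scheme + registrable domain
// (the longest matching effective TLD plus one more label).
function siteOf(urlString) {
  const url = new URL(urlString);
  const scheme = url.protocol.replace(":", "");
  const labels = url.hostname.toLowerCase().split(".");

  // Walk from the longest candidate suffix to the shortest.
  for (let i = 0; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (EFFECTIVE_TLDS.has(suffix)) {
      // If the host is itself an effective TLD, keep the host as-is.
      const start = i === 0 ? 0 : i - 1;
      return `${scheme}://${labels.slice(start).join(".")}`;
    }
  }
  // No suffix matched (IP literal, localhost, unlisted TLD): use full host.
  return `${scheme}://${url.hostname.toLowerCase()}`;
}

// Two documents may share a content process only if their sites match.
function mayShareProcess(a, b) {
  return siteOf(a) === siteOf(b);
}

// Group a page and its embedded frames by site, one process per site.
function planProcesses(urls) {
  const plan = new Map();
  for (const u of urls) {
    const site = siteOf(u);
    if (!plan.has(site)) plan.set(site, []);
    plan.get(site).push(u);
  }
  return plan;
}

// Constructed sample: a top-level page and the frames it embeds.
const SAMPLE_PAGE = [
  "https://news.example.com/story",
  "https://static.example.com/widget",
  "https://ads.tracker.org/banner",
  "http://news.example.com/legacy",
];
console.log(planProcesses(SAMPLE_PAGE));
```

In this model the cross-site ad frame and the http copy of the page each land in their own process, while the two https subdomains of the same registrable domain share one.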
“Using more processes to load websites allows us to spread work across many CPU cores and use the underlying hardware more efficiently,” said Anny Gakhokidze.
Site Isolation was first exhibited by Firefox in early 2019, when it was dubbed Project Fission.