Changes

Jump to: navigation, search

Project Fission

2,319 bytes added, 15:06, 1 October 2020
Adding a somewhat vulgarized summary
Fission is Mozilla's project to implement implementation of ''Site Isolation'' in Firefox site isolation. This introduces Site Isolation is a major architecture change security feature that offers additional protection in case of large classes of security bugs. Site Isolation safely sandboxes web pages and web frames, isolating them from each other, further strengthening Firefox security. = Why? =  Web security is designed in such a way that websites or webframes cannot access each other's data inside the browser. However, bugs happen. The Firefox teams and the Mozilla security teams invest considerable effort in avoiding security bugs, or, if they exist, finding them out and fixing them before release. However, if a bug somehow slips past developers, analysis and tests, and a sufficiently cunning attacker manages to find the bug before it can be fixed, they can sometimes craft a page specifically designed to access data from other sites that the user is currently visiting or has recently visited. Firefox developers already employ a number of counter-measures to make such undetected bugs less likely to succeed, from programming in memory-safe languages to adopting defensive programming techniques. Site Isolation is a new counter-measure dedicated to this purpose. With Site Isolation, pages and frames are executed in processes dedicated to their origin. = Example = Consider a blog on https://example.com with a Facebook like button (frame from https://facebook.com) and a Twitter button (frame from https://twitter.com). Without Site Isolation, this entire page runs in a unique single process is allocated for . If an undetected bug in Firefox somehow allows the main web page of the blog to access data inside the frames despite the protections in place, the malicious owner of https://example.com (or someone who had already stolen the domain) may be able to take advantage of this bug to impersonate the Firefox user in the Facebook and Twitter frames, and possibly use this impersonation to send fake messages or read private messages. With Site Isolation, this blog now runs on three different processes, one for https://example.com, one for https://facebook.com and one for https://twitter.com. These processes are sandboxed which limits what each unique third-party iframe embedded of the processes can do. Even if the malicious owner of https://example.com were to take advantage of an undetected Firefox bug and to take control of the process in charge of https://example.com, the processes in itcharge of https://facebook.com or https://twitter.com would reject any request from this compromised process. In other words, thereby safely sandboxing them this hypothetical bug is not sufficient anymore to impersonate the Firefox user in the Facebook and further strengthening Firefox securityTwitter frames.
= Contact =
184
edits

Navigation menu