The Firefox sandboxing innovation confines the browser from the operating system in a way to block web attacks from using a vulnerability in the browser engine and its logical functions to attack the underlying OS, place malware on the filesystem, or remove local files.
Chrome has regularly run inside a sandbox. Initially, Firefox ran only a few plugins inside a sandbox such as Flash, DRM, and other multimedia encoding plugins.
In 2016, Firefox accepted support for running in multiple processes. Mozilla engineers split the browser UI method from the web page rendering operations.
The latter got a sandbox, which Mozilla updated with every release. Because Windows and Linux are diverse operating systems and most of the Firefox user base is on Windows, Mozilla focused on improving the Firefox sandbox for Windows first.
In Firefox 57, the Firefox sandbox point will receive improvements to put it on similar levels of protection as the Windows version.
Because Firefox is still intertwined with the GTK user interface, the Firefox web rendering process is still supported to read from the filesystem in various situations.
“Rather than delay the security changes till this is reworked, we’ve chosen to work around this by supporting a few very specific locations through,” Pascutto said.
“Due to the infinite configurability of Linux systems, it’s always welcome there will be cases where a non-regular setup can break things, and we’ve kept Firefox configurable, so you can at least help yourself if you’re so inclined,” the developer added.
The Firefox team has continued new parameters to the Firefox about: config configuration panel that Linux users can twitch in case some web pages don’t illustrate as they did before the user updated to Firefox 57.