The Firefox sandboxing innovation confines the browser from the operating system in a way to block web attacks from using a vulnerability in the browser engine and its logical functions to attack the underlying OS, place malware on the filesystem, or remove local files.
Chrome has regularly run inside a sandbox. Initially, Firefox ran only a few plugins inside a sandbox such as Flash, DRM, and other multimedia encoding plugins.
In 2016, Firefox accepted support for running in multiple processes. Mozilla engineers split the browser UI method from the web page rendering operations.
The latter got a sandbox, which Mozilla updated with every release. Because Windows and Linux are diverse operating systems and most of the Firefox user base is on Windows, Mozilla focused on improving the Firefox sandbox for Windows first.
In Firefox 57, the Firefox sandbox point will receive improvements to put it on similar levels of protection as the Windows version.
“The content process – that is the one that executes the web pages from the internet and produces JavaScript is now blocked from showing large parts of the filesystem, with some exceptions for libraries, arrangement information, themes, and fonts. Notably, it is no hard possible to read private data in the home directory or the Firefox user profile, even if Firefox were to be compromised,” said Gian-Carlo Pascutto, one of the Mozilla designers who worked on the feature.
Because Firefox is still intertwined with the GTK user interface, the Firefox web rendering process is still supported to read from the filesystem in various situations.
“Rather than delay the security changes till this is reworked, we’ve chosen to work around this by supporting a few very specific locations through,” Pascutto said.
“Due to the infinite configurability of Linux systems, it’s always welcome there will be cases where a non-regular setup can break things, and we’ve kept Firefox configurable, so you can at least help yourself if you’re so inclined,” the developer added.
The Firefox team has continued new parameters to the Firefox about: config configuration panel that Linux users can twitch in case some web pages don’t illustrate as they did before the user updated to Firefox 57.
Add Comment