While the Site Isolation security mechanism initially was targeted at mitigating Spectre-like attacks which leads to data leaks from given renderer process, Firefox's Site Isolation architecture extends it further by creating operating system process-level boundaries for websites loaded in Firefox for Desktop browser.
The aim is to load each site separately in its own operating system process, which as a result, will prevent malicious code from rogue websites from accessing confidential information stored in the other websites.
How Site Isolation can be effective against Side-channel attacks?
Site Isolation is relatively capable of handling severe attacks whereby the renderer process is compromised through security bugs, like the bugs related to memory corruption or UXSS logic errors.
Spectre and Meltdown vulnerabilities which were publicly disclosed way back in January 2018, is a case in point, as it forced browser vendors and chipmakers to incorporate built-in defenses in their respective platforms to mitigate attacks that could break boundaries between the different applications to allow hackers access to passwords, encryption keys, and other sensitive information directly from a computer's kernel memory.
Mozilla, however, was clear that with the evolving techniques of malicious actors on the web, it needed to redesign Firefox browser to mitigate any future variations of such vulnerabilities and to keep users safe when browsing the web.
Thus, the fundamental redesigning of Firefox’s Security architecture which extends current security mechanisms by creating operating system process-level boundaries, and isolating each site into a separate operating system process to make it even harder for malicious sites to read another site’s secret or private data.
How to enable Site Isolation on Firefox Nightly?
If you'd like to give the feature a spin, you can follow these steps to enable Site Isolation on Firefox Nightly:
Navigate to about:preferences#experimental
Check the “Fission (Site Isolation)” checkbox to enable.
Restart Firefox.
To enable Site Isolation on Firefox Beta or Release:
Navigate to about:config.
Set `fission.autostart` pref to `true`.
Restart Firefox.
But note that Firefox’s Site Isolation feature is currently rolling out and Mozilla is only allowing a subset of users to benefit from this new security architecture on its Nightly and Beta channels with plans to roll out to more users later this year.
No comments