Mozilla's Project Fission team is preparing to implement a new security feature in the Firefox which will isolate the web pages. Something similar uses και η Google στην έκδοση 67 του προletterof browsing Chrome, για να μετριάσει τις side-channel επιθέσεις από κακόβουλους ιστότοπους.
The security flaws that the Mozilla Foundation wants to protect the Firefox user from with Project Fission were reported in Project zero of Google on 3 January of 2018.
The Specter vulnerabilities (variants 1 and 2) and Meltdown (παραλλαγή 3) επιτρέπουν σε επιτιθέμενους να καταχραστούν τον χρόνο προσωρινής αποθήκευσης δεδομένων της CPU “για να διαρρέουν πληροφορίες.”
The vulnerabilities mentioned above were fixed immediately by Firefox security teams, but it was observed that new attacks through other side-channels can affect Firefox users when they visit a notorious website.
According to Nika Layzell of Mozilla Project Fission:
Our goal is to create a browser that will not only be secure against known security vulnerabilities, but will also have layers of built-in defense against potential future vulnerabilities. To achieve this, we need to refresh the Firefox architecture to support the complete isolation of the site.
We call this the next step in the evolution of Firefox process model "Project Fission". With Project Fission, we will "split the individual", dividing the cross-site iframes into different processes from the parent frame (s.s .: the frame that contains them).
“This means that even if a Specter attack is launched by a malicious website, the data from other sites would generally not be loaded in the same process, so there would be much less data available to the attacker,” according to Google's Charlie Reis.
The first implementation of Project Fission in Firefox should be seen at the end of February 2019. Let's wait to see if all this affects the performance of the browser.