Project Fission and Firefox will isolate websites

Mozilla's Project Fission team is preparing to implement a new security feature in Firefox that will isolate websites. Google uses something similar in version 67 of the program ς , to mitigate side-channel attacks from malicious websites.

The security flaws that Mozilla wants to protect the Firefox user with Project Fission were reported in Google Project Zero on 3 January of 2018.

Project Fission

The Specter (variants 1 and 2) and Meltdown (variant 3) vulnerabilities allow attackers to misuse CPU data storage time "to leak information."

The security holes mentioned above were immediately patched by Firefox's security teams, but it was noticed that with new attacks through other channels (side-channels) they could affect Firefox users when they visit a malicious site. .

According to Nika Layzell of Mozilla Project Fission:

Our goal is to create a browser that will not only be secure against known security vulnerabilities, but will also have layers of built-in defense against potential future vulnerabilities. To achieve this, we need to refresh the Firefox architecture to support the complete isolation of the site.

We call this the next step in of the Firefox process model “Project Fission”. With Project Fission, we will "split the atom", splitting cross-site iframes into different processes from the parent frame (ie the frame that contains them).

"This means that even if a Specter attack is launched by a malicious website, the data from other sites will generally not be loaded into the same process, so there would be much less data available to the attacker," said Google's Charlie Reis.

The first implementation of Project Fission in Firefox should be seen at the end of February 2019. Let's wait to see if all this affects the performance of the browser.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.081 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).