His team Project Fission της Mozilla ετοιμάζεται να εφαρμόσει ένα νέο χαρακτηριστικό ασφάλειας στον Firefox which will isolate the web pages. Something similar is used by Google in version 67 of the Chrome browser to mitigate side-channel attacks from malicious websites.
The security flaws that Mozilla wants to protect the Firefox user with Project Fission were reported in Google Project Zero on 3 January of 2018.
The Specter (variants 1 and 2) and Meltdown (variant 3) vulnerabilities allow attackers to misuse CPU data storage time "to leak information."
The vulnerabilities mentioned above were fixed immediately by Firefox security teams, but it was observed that new attacks through other side-channels can affect Firefox users when they visit a notorious website.
According to Nika Layzell of Mozilla Project Fission:
Our goal is to create a browser that will not only be secure against known security vulnerabilities, but will also have layers of built-in defense against potential future vulnerabilities. To achieve this, we need to refresh the Firefox architecture to support the complete isolation of the site.
We call this the next step in the evolution of the Firefox process model "Project Fission". With Project Fission, we will "separate the individual" by dividing them cross-site iframes in different processes from the parent frame (s.s .: the frame that contains them).
“Αυτό σημαίνει ότι ακόμα κι αν προωθείται μια επίθεση Specter από μια κακόβουλη ιστοσελίδα, τα δεδομένα από άλλους ιστότοπους γενικά δεν θα φορτώνονται στην ίδια διεργασία και έτσι θα υπήρχαν πολύ λιγότερα διαθέσιμα δεδομένα στον επιτιθέμενο”, σύμφωνα με τον Charlie Reis by Google.
The first implementation of Project Fission in Firefox should be seen at the end of February 2019. Let's wait to see if all this affects the performance of the browser.
