Firefox Site Isolation Should Protect You Against Future Specter Attacks


Mozilla will provide Firefox with a new security measure called Site Isolation that will protect users from future variants of the Specter attack and similar vulnerabilities. Site Isolation ensures that each website is loaded in a separate operating system process, making it more difficult for malicious sites to read data from other websites.


"This new security architecture allows Firefox to completely separate code from different sites, protecting against malicious sites that attempt to access sensitive data from other sites visited," said Mozilla's Anny Gakhokidze. Without Site Isolation, for example, vulnerabilities such as Specter and Meltdown would allow malicious sites to gain access to data from other sites.


Preventing such attacks requires that each OS-level site be loaded in a separate process. Firefox already uses various processes to load web content, for example. However, according to Gakhokidze, this does not yet provide sufficient protection, because it can happen that two different websites use the same operating system process and thus share the process memory. Then, via a vulnerability like Specter, it would be possible for one site to access data from the other sites in this memory. Site Isolation prevents this.


In addition to the protection that the measure offers, it also has other advantages. By loading more websites in separate processes, one website will not affect the response of websites in other processes. Using more processes to load websites can also distribute the load across multiple CPU cores, making more efficient use of the underlying hardware.


In addition, the better separation will ensure that a crashing website or tab will not affect websites in other processes, providing better stability and user experience, Gakhokidze said. Site Isolation is now available in the desktop versions of Firefox Nightly and Firefox Beta, but still needs to be enabled by users themselves. According to Gakhokidze, this is a "monumental change" within Firefox that should protect users from future variants of Specter.

Previous Post Next Post