Sandboxing technology levels up browser security
Mozilla is offering improved security controls for Firefox users with the debut of a long-anticipated version of Site Isolation technology.
Bundled with Firefox 94, released on Tuesday (November 2), Mozilla’s Site Isolation offers protection from side-channel attacks, such as Spectre, through a form of process sandboxing technology.
More generally, Site Isolation technology defends against compromised browser rendering processes and related security risks.
Shared renderer processes have been considered risky since the 2018 discovery of transient execution attacks such as Spectre and Meltdown, which can leak sensitive data, including passwords and credentials, via microarchitectural state.
The same security enhancement technology can also defend against problems arising from universal cross-site scripting (UXSS) vulnerabilities.
Using Site Isolation technology means that documents from different websites are no longer rendered by the same process – a clear security win.
Mozilla’s version of Site Isolation technology was originally announced back in May. Other browser developers, meanwhile, have also been busy charting a similar course with Site Isolation technology.
For example, Google first introduced a Site Isolation browser architecture in May 2018 with Chrome 67. The technology has been progressively developed since and has, among other developments, been ported to mobile browsers.
The latest versions of Microsoft Edge are based on Google’s Chromium engine and therefore inherit the same underlying Site Isolation technology developed by Google.
Apple’s Safari has yet to incorporate Site Isolation as such, but it does have a technology called Intelligent Tracking Protection that guards against session tokens being leaked.