Firefox is currently testing a new feature that will defend users from zero-day vulnerabilities and Spectre-like attacks. The new security feature is currently available only in the beta and nightly versions of the browser.
Dubbed “Site Isolation,” the new feature runs every website you open in the browser under its own process. As of now, Firefox launches a parent process, eight processes that handle web content, along with two more processes for web content that have less privilege. The browser also uses four more processes responsible for handling web extensions, GPU operations, media decoding, and networking.
The browser's current security setup can let a malicious website place and execute its code in the memory space of a process that another website also uses. If the code uses something similar to the Spectre vulnerability, it can easily access and manipulate the data from other processes.
According to a blog post by Anny Gakhokidze, a Mozilla senior engineer, “In a more dangerous scenario, a malicious site could embed a legitimate site within a subframe and try to trick you into entering sensitive information.”
This means that ads, banners, and pages from multiple websites are placed into the same process. Site Isolation is designed to fix this: it gives every website its own process, with a secure and isolated workspace and memory allocation.
In the case of a successful Spectre-like attack, a top-level site might access sensitive information it should not have access to from a subframe it embeds (and vice-versa) — the new Site Isolation security architecture within Firefox will effectively make it even harder for malicious sites to execute such attacks.
Firefox will also treat the HTTP and HTTPS versions of a website as different sites, meaning each of them will get a separate process. Site Isolation will use a community-maintained list of domains that function like top-level domains, such as Blogger and WordPress, so that every subdomain under them is treated as a separate website.
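As an added illustration (not Firefox's code and not taken from Mozilla's post), the sketch below derives a site key from a URL's scheme plus the shortest name registered under a suffix on the list, then groups URLs by that key as the paragraph above describes. The suffix list, the URLs, and the names publicSuffix, siteKey and assignProcesses are constructed for this example, and it assumes that ordinary subdomains such as www and mail under one registered domain count as the same site.

```javascript
// Constructed, deliberately tiny suffix list. The real community-maintained
// list is far larger; these entries are for illustration only.
const SUFFIXES = new Set(["com", "org", "co.uk", "blogspot.com", "wordpress.com"]);

// Longest matching suffix of a hostname, or the last label if none matches.
function publicSuffix(host) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (SUFFIXES.has(candidate)) return candidate;
  }
  return labels[labels.length - 1];
}

// Site key = scheme + (suffix plus one more label). Hypothetical helper;
// IP-address hosts are out of scope for this sketch.
function siteKey(url) {
  const u = new URL(url); // URL parsing lowercases the hostname
  const host = u.hostname;
  const suffix = publicSuffix(host);
  if (host === suffix) return `${u.protocol}//${host}`;
  const rest = host.slice(0, host.length - suffix.length - 1).split(".");
  return `${u.protocol}//${rest[rest.length - 1]}.${suffix}`;
}

// Group URLs by site key; each group models one isolated content process.
function assignProcesses(urls) {
  const groups = new Map();
  for (const url of urls) {
    const key = siteKey(url);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(url);
  }
  return groups;
}

// Constructed sample input.
const sample = [
  "https://www.example.com/login",
  "https://mail.example.com/inbox",
  "http://www.example.com/login",   // same host over HTTP: a different site
  "https://alice.blogspot.com/",    // blogspot.com is on the suffix list,
  "https://bob.blogspot.com/",      // so each blog is its own site
];
for (const [site, urls] of assignProcesses(sample)) {
  console.log(site, "->", urls.join(", "));
}
```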
Another advantage of Site Isolation is that it will improve the overall performance of Firefox by preventing websites from eating resources such as RAM and CPU. A crashing page will also not affect other parts of the browser, since Firefox can simply terminate that page's process and be done with it.
Using more processes to load websites allows us to spread work across many CPU cores and use the underlying hardware more efficiently.
The project started in 2019, when Mozilla called it Project Fusion. Other browsers such as Chrome have their own version of the feature. We expect the feature to come to Firefox stable soon.