Mozilla Tests Site Isolation in Firefox to Protect Against Spectre
Mozilla is testing a new feature in beta versions of Firefox that will allocate a separate process for each website at the operating system level. Essentially, this is the well-known “Site Isolation” technology that Chrome developers implemented over three years ago.
Currently, when Firefox launches, it opens a privileged parent process, eight processes for web content, about two additional processes for content, and four more for extensions, GPU operations, and network activity. In other words, the browser uses a fixed number of processes, which is not ideal from a user security perspective. In this setup, a malicious website can end up in a process already occupied by a legitimate resource, so that the two share memory.
With side-channel attacks like Spectre, operators of malicious sites can gain access to data from another resource occupying the same process. Naturally, this could lead to the compromise of passwords and other important user data.
However, if browser developers implement site isolation, each website will receive its own dedicated process, and even embedded elements from third-party resources will be separated into their own processes. This approach helps protect memory from unauthorized access by malicious web resources.
“A potential attack vector allows a malicious site to embed a frame on a legitimate resource, which could lead to the leakage of confidential information. With site isolation, Firefox will effectively prevent such cyberattacks,” Mozilla developers wrote in their blog.
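The two process layouts described above can be compared with a toy model. This is an added illustration, not code from Firefox or from Mozilla's post. It assumes round-robin placement of tabs, frames rendered in their embedder's process in the shared-pool case, a two-label site key, and constructed sample URLs.

```javascript
// Added illustration: a toy model of process assignment, not Firefox code.

// Constructed sample: each tab is a top-level page plus the frames it embeds.
const TABS = [
  { page: "https://bank.example/account", frames: ["https://ads.test/banner"] },
  { page: "https://evil.test/", frames: ["https://bank.example/widget"] },
  { page: "https://news.example/", frames: [] },
];

// Simplified site key: scheme plus the last two host labels.
// Real browsers consult the Public Suffix List; this shortcut is an assumption.
function siteKey(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split(".").slice(-2).join(".")}`;
}

// Shared-pool model (assumption): tabs are spread round-robin over a fixed
// number of content processes, and frames render in their embedder's process.
function assignFixedPool(tabs, poolSize) {
  const procs = new Map();
  tabs.forEach((tab, i) => {
    const id = `content-${i % poolSize}`;
    if (!procs.has(id)) procs.set(id, new Set());
    for (const url of [tab.page, ...tab.frames]) procs.get(id).add(siteKey(url));
  });
  return procs;
}

// Site-isolation model: every document, frames included, goes to the process
// dedicated to its own site.
function assignPerSite(tabs) {
  const procs = new Map();
  for (const tab of tabs) {
    for (const url of [tab.page, ...tab.frames]) {
      const site = siteKey(url);
      if (!procs.has(site)) procs.set(site, new Set());
      procs.get(site).add(site);
    }
  }
  return procs;
}

// Processes whose address space holds documents from more than one site.
function sharedProcesses(procs) {
  return [...procs].filter(([, sites]) => sites.size > 1)
    .map(([id, sites]) => ({ id, sites: [...sites].sort() }));
}

console.log("fixed pool of 8:", JSON.stringify(sharedProcesses(assignFixedPool(TABS, 8))));
console.log("per-site:", JSON.stringify(sharedProcesses(assignPerSite(TABS))));
```

In the shared-pool run, the bank's documents sit in the same process as the ad frame and as the embedding page from another site, which is the co-residency a Spectre-style read depends on. The per-site run reports no process holding more than one site.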