For the moment, Site Isolation is available in the Nightly edition and Firefox beta, with manual activation.
The new Firefox security architecture is ready. Mozilla has made it available in the Nightly edition and the beta release. With the browser failing to break out of its marginal role in other areas, developers focus on security and speed.
The innovation is that the browser loads all content that is not part of the same website in separate processes and runs those processes in isolation.
This architecture also provides adequate protection against Meltdown and Spectre-style attacks, which is a step in the right direction.
Isolation Mode Improved
Isolated execution is designed so that one process can't steal resources from the others. This can also improve browser speed.
Mozilla Firefox currently handles many processes separately. On startup, the browser launches a privileged parent process, runs eight different web content processes, and may run two other partially privileged web content processes.
The browser is equipped with four “helper processes” for web extensions, GPU operations, network operations, and media decoding.
However, this architecture cannot prevent malicious websites from interfering with the processes that are already in use by another website.
For example, embedded ads or pages are included in the same process as the page you are opening, even if they are not on the same website.
This also gives the malicious site access to the shared process memory, allowing Spectre-like attacks to be carried out.
Step in the right direction
Mozilla has radically changed this: site isolation starts a separate process for each embedded element that is not on the same site. No process can access another process's memory space.
Even the HTTP and HTTPS versions of the same web page are handled in separate processes.
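A simplified model of the process assignment described above, as an added example that is not Mozilla's code. It assumes a site is the scheme plus registrable domain, uses a small constructed suffix set in place of the Public Suffix List, and all URLs and function names are hypothetical.

```javascript
// Simplified model of process assignment before and after Site Isolation.
// Assumption: site = scheme + registrable domain (eTLD+1). A real browser uses
// the full Public Suffix List; this tiny set is constructed for the demo.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "github.io"]);

function siteKey(url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  // Keep one label more than the public suffix (2 labels, or 3 for "co.uk" etc.).
  const keep = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return `${protocol}//${labels.slice(-keep).join(".")}`;
}

// Old model: every embedded frame lives in the process of the page embedding it.
function assignShared(topUrl, frameUrls) {
  return new Map([[siteKey(topUrl), [topUrl, ...frameUrls]]]);
}

// Site Isolation: one process per site, so cross-site frames leave that process.
function assignIsolated(topUrl, frameUrls) {
  const procs = new Map();
  for (const url of [topUrl, ...frameUrls]) {
    const key = siteKey(url);
    if (!procs.has(key)) procs.set(key, []);
    procs.get(key).push(url);
  }
  return procs;
}

// Documents that share an address space with the top-level page.
function sharesMemoryWithTop(procs, topUrl) {
  for (const docs of procs.values()) {
    if (docs.includes(topUrl)) return docs.filter((u) => u !== topUrl);
  }
  return [];
}

// Constructed sample: a page embedding a same-site widget, a third-party ad,
// and the HTTP version of itself.
const TOP = "https://www.bank.example/account";
const FRAMES = [
  "https://static.bank.example/widget",
  "https://ads.tracker.example/banner",
  "http://www.bank.example/legacy",
];

console.log("shared:  ", sharesMemoryWithTop(assignShared(TOP, FRAMES), TOP));
console.log("isolated:", sharesMemoryWithTop(assignIsolated(TOP, FRAMES), TOP));
```

In the shared model all three frames sit in the page's address space; in the isolated model only the same-site widget does, and the ad and the HTTP frame each get their own process.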
The new architecture has other benefits as well: its impact on performance and, ultimately, on the browsing experience.
Running each page in separate processes ensures that a page with a high computational demand does not degrade the responsiveness of the other pages. In this way, the browser can take advantage of the hardware, as work can be distributed across CPU cores.
In addition, the whole application is more stable because crashing one tab or subframe doesn't affect the progress of other loaded web pages.
It's not a new idea; Google used something similar to it to protect against vulnerabilities. But the Site Isolation feature for Chrome, which came later to Android, was not made default as it was very resource-intensive.
Mozilla's primary focus is developing a solution that will both increase security and improve browser performance.
To enable Site Isolation on Firefox Nightly:
1. Navigate to about:preferences#experimental
2. Check the “Fission (Site Isolation)” checkbox to enable.
3. Restart Firefox.
To enable Site Isolation on Firefox Beta or Release:
1. Navigate to about:config.
2. Set the `fission.autostart` pref to `true`.
3. Restart Firefox.