Mozilla anunció el martes que ahora se puede obtener una vista previa de un esfuerzo de varios años para reforzar las defensas de Firefox en las versiones Nightly y Beta del navegador.
Launched as "Project Fission" in February 2019, the project was also related to more descriptive "site isolation," a defensive technology in which a browser dedicates separate processes to each domain or even each website and, in some cases, assigns different processes. to site components, such as iframes, so that they are rendered separately from the process that manages the entire site. The idea is to isolate malicious sites and components, and the attack code they host, so that a site can't exploit an unknown or as-yet-unpatched vulnerability and then loot critical information from the browser, device, or device memory. This information may include authentication information, sensitive data, and encryption keys. "Site isolation is based on a new security architecture that extends current protection mechanisms by separating (web) content and loading each site in its own operating system process," wrote Anny Gakhokidze, lead platform engineer, in a May 18 article on the Mozilla Hack Site. “To fully protect your private information, a modern web browser must not only provide application layer protection, but must also completely separate the memory space of different sites,” she continued.
Do you remember Specter? What about Meltdown?
Site isolation was nothing new when Mozilla introduced it two years ago. The term had been used by Google in late 2017, when it started talking about new defensive features it would add to Chrome and implement the first iteration of the technology. Although the Mountain View, California-based company has been working on site isolation for much of this decade, it added the technology to Chrome in late 2017 and waited until mid-2018 to turn it on for most users. Fortunately, the site isolation was a response to Specter and Meltdown, entirely new classes of vulnerabilities that became public in early 2018. The flaws, which have been found in a wide range of hardware, including PC processors and servers, as well as in Software, especially browsers, caused an instant sensation and an industry-wide mitigation effort by everyone from Intel and Lenovo to Microsoft and Google, whose engineers were the ones who discovered Specter. Mozilla, like other browsers not designed by Google, was forced to create ad hoc defenses against Specter and Meltdown. But he also vowed to follow Chrome's lead in terms of site isolation, even if this job required "rearchitecting Firefox," obviously a major undertaking. Currently, Firefox launches a fixed number of processes, including one main process for the browser, eight for handling web content, and four for utility purposes such as browser plug-ins and GPU operations (GPUs). However, with site isolation enabled, each site is assigned its own process, and in some cases, elements on a page (in one case on Firefox, this was Amazon's ad platform) are also assigned. separate processes. (When site isolation is on, users can see active processes by typing about:process in the Firefox address bar.) Two years ago, Mozilla refused to set a timeline for the release of Firefox with Fission (also known as Site Isolation), which only meant that the work would be hard and possibly long. "We need to rearchitecture Firefox," said Nika Layzell, the Fission team's technical project lead at the time. "Fission is a massive project." The image is a bit clearer now.
An uncertain timeline
Mozilla integrated Fission into the Firefox 89 beta (as well as the much less sophisticated Nightly version). It even allowed site isolation to "a subset of users" of the Firefox 89 Beta in an attempt to get feedback on the technology's functionality. This does not mean that a site lockdown is imminent (production-grade Firefox 89 is scheduled to launch on June 1, in just two weeks). Mozilla's Gakhokidze has put Firefox users on hold, says the company's plan rolling out to more of our users later this year. He notes what he didn't say, that all Firefox users would have Fission in their hands by the end of December. For those not lucky enough to have Mozilla turn on Fission, there is a way to manually turn on the technology. Type about:config in the address bar, accept the warning, and in the search box on the resulting page, type fission.autostart and press Enter or Return. The boolean input should be false. Set it to true by clicking the two-way arrow icon on the far right, which is a simple toggle. More information about Firefox fission can be found on the Mozilla website.
<p>Copyright © 2021 IDG Communications, Inc.</p>