Companies have been scrambling to offer software updates to protect against the Spectre and Meltdown vulnerabilities since before they were disclosed to the public last year.
The vulnerabilities allow an attacker to use a speculative execution side-channel attack to obtain data from your computer that shouldn’t be accessible.
One thing Google did to help protect users of its Chrome web browser was to implement a feature called “site isolation” which assigns a new process to every website — and even every iframe running on a page. That prevents a script from running on one page from reading data from another, for example.
Now Mozilla has announced it’s also bringing site isolation to Firefox… eventually.
Mozilla’s site isolation effort is code named “Project Fission” and the first development milestone is expected to be reached by the end of February. That doesn’t mean you’ll be able to take full advantage of Fission in Firefox this month. It just means the developers will have laid the groundwork for out-of-process iframes.
Mozilla’s Nika Lyzell says that while Firefox already includes mitigations to help protect users against known side-channel attacks including Spectre variants 1 and 2 and Meltdown variant 3, moving to site isolation has the advantage of protecting users against unknown, future attacks using this method
But it’s probably going to take a while to get there.
While Google’s Chrome web browser has support multi-process architecture since day one, Firefox has only adopted a multi-process framework relatively recently, and it’s going to take much more work to go from the current multi-process system to one that fully supports site isolation.