Firefox Security to Improve with Sandboxing and JIT Hardening
The move to the new rapid release cycle has definitely injected new blood into Firefox development. Firefox 10 is around the corner, even though Firefox 4 landed less than a year ago. In that time, the browser has evolved: it's faster, less memory hungry, and boasts plenty of new features as well as better support for new web standards.
But there's one department where Firefox may still be a little behind: security. Firefox is not an insecure browser compared to the other popular browsers, but it is lacking some big features, especially those boasted by Google Chrome, which has become the gold standard, notably sandboxing and JIT hardening.
According to a recent interview, though, Mozilla is working on just those features, though work is more advanced in some aspects than in others.
A recent report, created by an independent company but paid for by Google, found Firefox to be lacking in a couple of areas in particular.
"The reality is that the way our JIT engine is built makes it somewhat resilient to JIT Spraying attacks," Johnathan Nightingale, director of Firefox Engineering at Mozilla, said in an interview.
"But there is still work we can do on that class of vulnerability to just get it out of the realm of even the theoretical -- and that work is ongoing," he said.
A second, somewhat warranted criticism of Firefox security is the lack of a process sandbox. Google Chrome, quite famously, has been built from the start with sandboxing in mind: all processes are isolated from the main system memory, other processes and so on via the sandbox, ensuring that, even if something goes wrong, the damage is not that great.
Mozilla is working on this too, though it is still assessing the issue. The fact is, it's quite difficult to bolt sandboxing onto the existing Firefox code, and Mozilla is looking at ways to do this, or whether it is even feasible.
"Sandboxing has some real benefits, but it's not a silver bullet," Nightingale said. "It is something that our platform team is looking at really closely."