this post was submitted on 12 Jul 2023
1054 points (99.3% liked)
Firefox
17907 readers
23 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As a security researcher, running each site in its own process isn't enough. Chrome has a much stronger multiprocessing model on most platforms. For example, Chrome on Android sandboxes between processes whereas Firefox simply relies on the built-in Android sandbox, which provides limited protection between these processes. It's much easier to break out of the sandbox in Firefox because it's easier to move laterally, for one. Those processes have to communicate with each other at some point.
But, don't believe me just because I claim any sort of credential on the Internet. It's such a difference in security that GrapheneOS strongly discourages using Firefox for its weak implementation in addition to the link I provided above. From the link:
I love Firefox. I use it anyway. It's not insecure. But it's absolutely not as secure because it lacks modern exploit mitigations. Running process per site is an improvement but it's still less secure than the architecture used in Chrome.
EDIT: Sound less entitled.
I can't speak for Android, it's long way to go for sure, but on desktop, it's great. And for Fedora PhoneUI / Phosh seems already working because it's linux ootb.
in short android not included I suppose. They have custom multiple process sandbox, but last time I enable it, it broke everything in nightly
@garam
Firefox is not that bad 4 android, not that brilliant either
@henfredemars
Well, for me it's great, but if we talk about sandboxing, it's not there, not even in nightly, but it's useful for me for day to day task, almost anything in Android