Mozilla announced that it’s been working on a new security-related project for Firefox, called “Project Fission” (not to be confused with “Project Fusion,” the merger between Firefox and the Tor browser) that aims to protect users against existing and future Spectre attacks, as well as other potential vulnerabilities.
Project Fission, Milestone 1
Mozilla assigned the Project Fission codename because it will try to “split the atom,” so to speak. The nonprofit is aiming to isolate not just the UI and content of a web page, but also the various domains that may connect to it.
This would ensure that a website’s data would be out of reach for attackers exploiting speculative side-channel attacks, such as Spectre and Meltdown. Spectre-class attacks allow an attacker to exfiltrate data stored in memory from other applications or web pages.
Mozilla announced that it would achieve the first milestone for Project Fission by the end of this month. This will include support for out-of-process iframes, meaning that iframes will render in a different process from that of the parent web page.
Project Fission is a revamp of the multi-process "Electrolysis" architecture that Firefox adopted back in 2016. Initially, the Electrolysis architecture would isolate only the UI of the browser from all web content.
Later on, Mozilla enabled an additional three sandboxes/processes, for a total of 5 by default: one for the UI, and four for various web content. Users were also able to customize how many content sandboxes they wanted their Firefox browser to have.
At the time, Mozilla argued that even though this architecture was not as strict as Chrome’s “one process for each tab or extension” architecture, this was an advantage due to the lower memory requirements. Chrome has long been criticized for using too much memory.
However, it now seems that both Google and Mozilla have learned that these architectures were not strict and secure enough and that the isolation will need to go even deeper to a more granular level within a website’s content. In a world where most CPUs don’t come with hardware mitigations against speculative attacks, this is what is now required to protect users properly.