madaidans-insecurities / madaidans-insecurities.github.io

https://madaidans-insecurities.github.io/

Firefox improvements #64

Open Seirdy opened 2 years ago

Seirdy commented 2 years ago

The central thesis of the Firefox versus Chromium article still stands, but some details have changed to narrow the gap between the two.

The most significant one: Mozilla has been working on a "utility process overhaul". You can see it at work in about:processes. They've shipped a separate network process for a while. Recently in Firefox 102 (the next ESR), they also moved audio decoding to the utility process.

They've also enabled ACG on the utility process.

Regarding oxidation: Firefox has been parsing untrusted content with Rust for a few years now, which is probably one of the best use-cases for a memory-safe language. Their ISO Base Media Format and CSS parsers are written in Rust. Given that CSS is the least-likely resource to be stopped by a CSP and SRI (the vast majority of sites allow unsafe-inline CSS and SecurityHeaders is actually planning on relaxing that requirement), I think it's worth treating it as a bit more dangerous strictly from the perspective of a browser's parser.


On the other hand, two areas I think are worth more attention are Firefox's lack of PID namespace isolation and, eventually, the lack of good JITSploitation mitigations once Chromium rolls out its virtual memory cage. Safari already has one in its JIT-specific allocator.
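The claim above that most sites let inline CSS through their CSP is easy to check mechanically. The snippet below is an added example, not code from this thread or from the madaidans-insecurities site: it parses a Content-Security-Policy header, walks the standard fallback chain for stylesheet elements (style-src-elem, then style-src, then default-src), and reports whether an inline <style> block would be allowed. It encodes the standard rule that a nonce or hash source in the list makes 'unsafe-inline' a no-op in CSP2+ browsers. The header strings are constructed for illustration and are not taken from any real site.

```javascript
// Added example (not from the issue thread or the madaidans-insecurities site):
// decide whether a Content-Security-Policy header lets inline CSS through.
// All header strings below are constructed for illustration.

// Parse a CSP header into a Map of directive name -> source list.
// Directives are separated by ';', tokens by ASCII whitespace; a duplicated
// directive is ignored after its first occurrence, as the spec requires.
function parseCsp(header) {
  const directives = new Map();
  for (const chunk of header.split(';')) {
    const tokens = chunk.trim().split(/[ \t\n\r\f]+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Walk the CSP3 fallback chain for <style> and <link rel=stylesheet>:
// style-src-elem -> style-src -> default-src. Returns null when nothing
// in the chain is set, i.e. the policy does not govern stylesheets at all.
function stylesheetSources(directives) {
  for (const name of ['style-src-elem', 'style-src', 'default-src']) {
    if (directives.has(name)) return directives.get(name);
  }
  return null;
}

// Classify a header's treatment of inline <style> blocks:
//   'no-policy'      no applicable directive, inline CSS is allowed
//   'unsafe-inline'  explicitly allowed by keyword
//   'nonce-or-hash'  allowed only for blocks carrying a matching nonce/hash;
//                    a present 'unsafe-inline' is ignored in that case
//   'blocked'        inline CSS is refused
function inlineStylePolicy(header) {
  const sources = stylesheetSources(parseCsp(header));
  if (sources === null) return 'no-policy';
  const keywords = sources.map(s => s.replace(/^'|'$/g, '').toLowerCase());
  if (keywords.some(k => /^(nonce-|sha256-|sha384-|sha512-)/.test(k))) return 'nonce-or-hash';
  if (keywords.includes('unsafe-inline')) return 'unsafe-inline';
  return 'blocked';
}

// Constructed sample headers (not captured from any real site).
const SAMPLE_HEADERS = {
  inheritsDefault: "default-src 'self'; script-src 'self' https://cdn.example",
  inlineAllowed: "default-src 'self'; style-src 'self' 'unsafe-inline'",
  nonceWins: "default-src 'self'; style-src 'unsafe-inline' 'nonce-d2VsbA=='",
  scriptOnly: "script-src 'self'",
  duplicateIgnored: "style-src 'self'; style-src 'unsafe-inline'",
  elemOverrides: "default-src 'none'; style-src-elem 'unsafe-inline'",
};

for (const [label, header] of Object.entries(SAMPLE_HEADERS)) {
  console.log(`${label.padEnd(17)} -> ${inlineStylePolicy(header)}`);
}
```

Only element-level stylesheets are classified here; inline style attributes go through style-src-attr, which has its own fallback to style-src. The nonce/hash override is the reason a header scanner has to look at the whole source list rather than grep for 'unsafe-inline': a site that ships `'unsafe-inline'` next to a nonce is, in a CSP2+ browser, not actually allowing arbitrary inline CSS.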

Seirdy commented 2 years ago

Other issues referenced something similar:

TheW0LVERIN3 commented 1 year ago

@madaidans-insecurities ping