Firefox’s new Site Isolation Security Architecture

Online there are plenty of untrustworthy websites that could overpass the initial security in your primary browser. Which is why Firefox developed a new Site Isolation Security. With the main purpose of preventing malicious websites from accessing or stealing information from your accounts on other websites. 

The process of site Isolation security is separating web contents and loading each sites in their own sandbox, which limits the sites to their own operating system process.  This process allows Mozilla to separate codes coming from different sites and prevent hostile sites from accessing information from sites you’ve visited.

For instance, whenever you are trying to sign up on a website and it requires personal or sensitive information, you would want to be assured that your information is not accessible to anyone else but yourself. Site Isolation is your second line of defense, the first line of defense enforces numerous security mechanism which prevents malicious actors from accessing your personal data which is all possible because of the Same Origin policy.

However, because of security bugs and with the web evolving,  malicious actors are learning new ways to bypass the rules and attack other sites. And this is where site isolation security comes handy, admittedly it is important to provide protection on application layers, however there is a need to separate the memory space for different sites. In 2018 researchers have discovered two vulnerability the Meltdown and Spectre. These vulnerabilities, if well exploited, could allow a rogue process to read all memory and reveal private data to attackers. Researchers were able to demonstrate that untrusted code can access and read memory anywhere within a process’ address space.

The demonstration that they have conducted proved just how important it is to reconstruct and develop the security process in any browser. Without site isolation, it becomes easy for these malicious sites to gain access to information in sites that contains private and personal data.


Categorized as Blog