Mozilla is experimenting with a new feature for Firefox that’s intended to improve security by isolating each site’s content within its own sandbox. As ZDNet explains, site isolation was first deployed in Chrome back in 2018, but has only now become available for testing in Firefox.
So why is site isolation important? In theory, websites shouldn’t be able to access data from one another, but bugs happen, and it’s possible that a malicious site could use a security vulnerability to access sensitive data from another site open at the same time.
Google rolled out site isolation with Chrome 67 in 2018, which happened to coincide with the discovery of the Spectre and Meltdown CPU security flaws. These could have allowed hackers to access private information including passwords and encryption keys (a risk known as a side-channel attack), and had been present in chip designs for over 20 years.
Following the discover of Meltdown and Spectre, Mozilla announced that it would be following in Google’s footsteps with an internal project called Project Fission, which would also add site isolation to Firefox.
The project has been a long process involving major code re-writes, but site isolation is at last available to users running Firefox Nightly. You can test it using the following instructions (bearing in mind that Firefox Nightly is an unstable build and shouldn’t be used as your main browser):
- Download and install Firefox Nightly
- Open Firefox Nightly and click the menu button at the top right
- Select ‘Options’, then click ‘Nightly Experiments’
- Check the box marked ‘Fission (Site Isolation)’
- Restart the browser