With the launch of Project Fission, Mozilla hopes to make its Firefox browser resistant to future side-channel attacks once and for all. We first encountered such attacks last year in the form of Spectre and Meltdown.
Early last year, Spectre and Meltdown introduced a new category of side-channel attacks that exploit speculative execution. Speculative execution has been used for years to speed up CPUs and is an inherent part of modern processor architectures.
Spectre-like attacks can be used to steal particularly sensitive information, such as passwords or encryption keys. A solid solution requires a complete rethinking of the fundamental technology to which we owe a large part of the performance gains of recent years.
Future-oriented security
Mozilla, like many other tech companies, responded quickly to the immediate threat of Spectre and Meltdown, but that didn’t solve the problems. The patches did not protect against future similar attacks, which were not long in coming. With Project Fission, Mozilla thinks it has found the answer to finally protect Firefox from this threat.
Fission has been in development for several months now and is reportedly almost ready for a Milestone 1 release later this month, Firefox engineer Nika Layzell says in a newsletter.
"We want to build a browser that not only protects against known security vulnerabilities, but also has built-in defenses against potential future vulnerabilities. To achieve this, we need to renew the Firefox architecture and support full site isolation," explains Layzell.
Nuclear Fission
In a way, Fission builds on Electrolysis, a project from a few years ago in which the browser was divided into different processes in order to increase security and performance. In science, electrolysis divides a compound substance into single substances. Fission, or nuclear fission, goes even further. Layzell: "With Fission we will split the atom and split cross-site iframes into different processes than their parent frame."
In concrete terms, individual websites are divided into separate processes, a technique called site isolation. Google has been doing this for some time now with its Chrome browser. Each site that you visit runs in its own process, strictly separated from the others. This offers clear security advantages, but its main disadvantage is higher memory consumption. To tackle this problem, Mozilla is running the related Fission Memshrink project.
Fission is a huge project in which several teams within Mozilla are involved. It requires almost every component of the browser to be reviewed. Mozilla can't yet say when Fission will be fully available, but will start adding elements to Firefox Nightly as soon as they're ready. Nightly is the test version of the Firefox browser.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.