Skip to content

Firefox hardening progress

Noted by on his . Last updated . Changelog


In the past couple of years, Firefox made significant security-related progress.

Firefox’s multi-process architecture was overhauled, starting with a utility process overhaul. This has improved privilege separation by moving networking, audio, and other ancillary functions to a separate process. They also enable Arbitrary Code Guard (ACG) for the utility process on Windows, and plan to do something similar on macOS. They don’t (yet) emulate ACG on Linux.

They’ve rolled out a separate GPU process on some platforms; the roll-out will likely finish this year.

Regarding toolchain hardening: Chromium official builds use Clang’s CFI sanitizer; Firefox doesn’t. However, a subset of Firefox’s libraries support RLBox sandboxing. This isn’t a complete solution, but is still a welcome change. The Tor Browser disables libgraphite on the “safer” security level due to security concerns which RLBox may have addressed.

I’m looking forward to seeing PID namespace isolation at some point.

Regarding JIT-related exploit mitigations, Firefox is still quite far behind; I recommend Firefox users to disable JIT in about:config (see note 25 of Best practices for inclusive textual websites). This is partly related to malloc differences: JavaScriptCore has a malloc with a virtual memory cage, and V8 is currently working on one. As long as Firefox users are better served by disabling JIT: I’d like to see ACG enabled in the JIT-less content process (Chromium does this), and emulated on Linux (Edge does this, and so did Hexavalent).