Mozilla’s advanced site isolation now available for testing

Jun 24, 2019 09:37 GMT  ·  By

The latest Nightly build of Firefox adds support for a new feature called Fission and supposed to improve security when browsing the web by running cross-site iframes into different processes.

Similar capabilities are already bundled into other browsers, like Google Chrome, and most tech-savvy users know it as “Site Isolation.”

Technically, a feature like site isolation helps block exploits relying not only on existing security flaws, but also on undisclosed vulnerabilities which hackers could use to break into systems.

The turning point for site isolation was January 2018 when the Meltdown and Spectre vulnerabilities first made the headlines, proving that additional efforts from the entire industry were necessary to protect users, even against unknown flaws.

Site Isolation is already enabled in Google Chrome, and now Mozilla seems to be getting closer to enabling Fission in Firefox. The feature has recently made its way to Firefox Nightly, and testers can give it a try right now.

Project Fission was first announced in February 2019, and Nika Layzell, a platform engineer working on Gecko, the engine behind Firefox, explains the purpose of this new implementation.

“We aim to build a browser which isn't just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities. To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation. We call this next step in the evolution of Firefox’s process model "Project Fission". While Electrolysis split our browser into Content and Chrome, with Fission, we will "split the atom", splitting cross-site iframes into different processes than their parent frame.”

For a more technical analysis of Fission, I recommend you to read Nika Layzell’s blog post here.

Fission flags in Firefox

While Project Fission is still a work in progress, you can already give it a try by enabling it in the latest Firefox Nightly. The version that comes with this early implementation is 69.0a1 (2019-06-23) (64-bit).

To enable Fission, you need to use the advanced flags screen in Firefox Nightly, as a dedicated option in settings isn’t available just yet. So first, launch the browser, and in the address bar type the following command:


about:config
Next, you need to use the search box at the top to look for Fission flags, so just type this:
fission
At this point, there are several Fission-related flags, as it follows:  
fission.autostart
fission.frontend.simulate-events
fission.frontend.simulate-messages
fission.preserve_browsing_contexts
fission.rebuild_frameloaders_on_remoteness_change
The one that you’re going to use is:
fission.autostart
This flag is currently set to False, so double-click the Toggle button to switch it to True.
False = Disabled
True = Enabled
What’s very important to know is that Fission can break down some websites and even cause the browser to crash. As per this reddit thread, users are experiencing different behaviors with Fission enabled in the browsers. Some claim the browsing is even faster after turning on this feature, but others complain that it crashes the app or some sites no longer load.

Needless to say, not only that Firefox Nightly is an experimental build of Firefox browser, but Fission itself is still in its early days, so it’s pretty clear that it needs more tuning before going live for everyone. This is the reason Mozilla is just trying to test its reliability as part of the Nightly builds before rolling it out for everyone else.

Mozilla hasn’t provided a release target for Fission, and it’s a good thing that the company spends more time for thorough testing before the public launch. If the testing advances properly, expect Fission to be promoted to beta builds in the coming weeks or months.

Photo Gallery (2 Images)

Fission could debut in Firefox 69
Fission flags in Firefox
Open gallery