Update to block speculative side-channel attacks

Feb 7, 2019 10:11 GMT

Mozilla is currently working on a new security feature for Firefox that would help the browser deal with speculative side-channel attacks like Meltdown and Spectre.

Discovered in January 2018, these vulnerabilities triggered an instant reaction from software and hardware companies across the world, with Mozilla shipping its own set of updates to make sure users were protected.

But at the same time, the company says the existing browsing tech can be further improved not only to block known attacks, but also to prevent similar attempts in the future. And this is an area that Mozilla is currently focused on.

A new effort known as Project Fission is supposed to provide Firefox users with an improved version of Google Chrome’s Site Isolation feature, which could help the browser block speculative side-channel attacks when they occur.

First milestone due in late February

In the first newsletter of the Fission team, Mozilla provides a technical description of its efforts in this regard, revealing that work on this started one year ago.

“We aim to build a browser which isn't just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities,” it says.

“To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation. We call this next step in the evolution of Firefox’s process model "Project Fission". While Electrolysis split our browser into Content and Chrome, with Fission, we will "split the atom", splitting cross-site iframes into different processes than their parent frame.”

The Project Fission team says the first stage has already been finalized and the initial infrastructure groundwork is complete, so the next target is a first milestone landing later this month.

Google Chrome’s Site Isolation was available as an experimental feature in version 64, which was the newest release at the time when the Meltdown and Spectre flaws were discovered. Even as an experimental feature, this approach proved to be effective, as it isolated all websites by creating a dedicated process for each, preventing any leak that could have occurred.