Features/Security/Low rights Firefox: Difference between revisions

Features/Security/Low rights Firefox (view source)

475 bytes added , 8 March 2012

no edit summary

Confirmed users

717

edits

@@ Line 13: / Line 13: @@
 * Need a broker for certain operations (filesystem, some networking, device access, maybe WebGL and some audio/video)
 |Feature overview=As Electrolysis (e10s) is current shelved, we could obtain a lot of security benefit from implementing a simpler whole-process sandbox by reducing the runtime privileges of the entire Firefox process.
+|Feature dependencies=Related bugs
+Sandboxing in general: https://bugzilla.mozilla.org/show_bug.cgi?id=730956
+OS X 10.5 Sandbox: https://bugzilla.mozilla.org/show_bug.cgi?id=387248
+Other references
+http://www.chromium.org/developers/design-documents/sandbox
+https://blogs.adobe.com/asset/2010/10/inside-adobe-reader-protected-mode-part-1-design.html
+https://blogs.adobe.com/asset/2010/10/inside-adobe-reader-protected-mode-%E2%80%93-part-2-%E2%80%93-the-sandbox-process.html
 |Feature requirements=To obtain security benefits this would need to prevent persistent compromise of the local system.
 In addition it would be desirable to prevent transient (read) compromise of the local system.
 |Feature non-goals=*Cross-domain and other intra-browser attacks (browsing history, passwords, cookies, etc) will not be mitigated.
 *Plugins are not affected as they cannot be run in low rights without their cooperation (ie. code changes)