Ptheriault (talk | contribs)
Line 3: | Line 3: | ||
The basis of the Firefox security sandbox model is that web content is loaded in "Content process", separate from the trusted Firefox code which runs in the "Chrome process" (also called the "parent" process). Content processes execute in a sandbox which limits the system privileges so that if a malicious web page manages exploits a vulnerability to execute arbitrary code it will be unable to compromise the underlying OS. | The basis of the Firefox security sandbox model is that web content is loaded in "Content process", separate from the trusted Firefox code which runs in the "Chrome process" (also called the "parent" process). Content processes execute in a sandbox which limits the system privileges so that if a malicious web page manages exploits a vulnerability to execute arbitrary code it will be unable to compromise the underlying OS. | ||
[[File:Sandbox Hardening.png | [[File:Sandbox Hardening.png]] | ||
The sandboxed child processes (red borders) include the content processes (web, file & extension) and several other child processes: | The sandboxed child processes (red borders) include the content processes (web, file & extension) and several other child processes: | ||
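Review bot: the only change in this hunk is the closing `]]` added to `[[File:Sandbox Hardening.png]]`; the adjacent unchanged paragraph on both sides still reads "if a malicious web page manages exploits a vulnerability", which should be "manages to exploit a vulnerability", and "web content is loaded in "Content process"" is missing an article ("in a "Content process""). Since the paragraph is already being edited, both fixes belong in this revision.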
Line 26: | Line 26: | ||
The goal of hardening is to make the browser resilient, even when a content process is compromised. Having a strong sandbox in place is no use, if a weak trust model or IPC implementation flaw leads to trivial privilege escalation: | The goal of hardening is to make the browser resilient, even when a content process is compromised. Having a strong sandbox in place is no use, if a weak trust model or IPC implementation flaw leads to trivial privilege escalation: | ||
[[File:SandboxBypass.png | [[File:SandboxBypass.png]] | ||
To harden the browser against this sort of sandbox bypass, several efforts are underway: | To harden the browser against this sort of sandbox bypass, several efforts are underway: |
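Review bot: same pattern here, the change only closes the `[[File:SandboxBypass.png]]` link. In the unchanged sentence "Having a strong sandbox in place is no use, if a weak trust model or IPC implementation flaw leads to trivial privilege escalation:" the comma before "if" is spurious, and the trailing colon runs into the image rather than into text; a full stop reads better, since the list of hardening efforts is introduced by the following sentence ("several efforts are underway:").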