canmove, Confirmed users
1,220
edits
Security/Sandbox/Hardening: Difference between revisions
→Background
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
||
| Line 3: | Line 3: | ||
The basis of the Firefox security sandbox model is that web content is loaded in "Content process", separate from the trusted Firefox code which runs in the "Chrome process" (also called the "parent" process). Content processes execute in a sandbox which limits the system privileges so that if a malicious web page manages exploits a vulnerability to execute arbitrary code it will be unable to compromise the underlying OS. | The basis of the Firefox security sandbox model is that web content is loaded in "Content process", separate from the trusted Firefox code which runs in the "Chrome process" (also called the "parent" process). Content processes execute in a sandbox which limits the system privileges so that if a malicious web page manages exploits a vulnerability to execute arbitrary code it will be unable to compromise the underlying OS. | ||
[[File:Sandbox Hardening.png]] | [[File:Sandbox Hardening.png|framed|none|Process Model]] | ||
The sandboxed child processes (red borders) include the content processes (web, file & extension) and several other child processes: | The sandboxed child processes (red borders) include the content processes (web, file & extension) and several other child processes: | ||