Site Isolation is a modern browser security feature that works by separating each web page and web iframes in their own operating system process in order to prevent sites from tampering or stealing with each other's data.
The feature was first deployed with Google Chrome in mid-2018, with the release of Chrome 67.
Although initially, Site Isolation was meant to be deployed as a general improvement to Chrome's security posture, the feature came just in time to serve as a protective measure against the Spectre vulnerability impacting modern CPUs.
For both Google and Mozilla, implementing Site Isolation was a time-consuming operation, requiring engineers to re-write large chunks of their browsers' internal architecture.
The process took about two years for both Google and Mozilla.
While Site Isolation is now a stable feature inside Chrome, this work is now nearing its completion inside Firefox.
According to an update to the Project Fission wiki page, Site Isolation can now be enabled inside versions of Firefox Nightly, the Firefox version where new features are tested.
To enable it, Firefox users must:
- Access the about:config page
- Set the "fission.autostart" and "gfx.webrender.all" prefs to "true".
- DO NOT edit any other "fission.*" or "gfx.webrender.*" prefs.
- Restart Firefox Nightly.
Once enabled, users can test if Site Isolation is active by hovering their mouse over a Firefox tab. If enabled, the tooltip will show the [F] indicator that Fission is active, along with the PID — the OS process ID for each Firefox tab.
According to Mozilla, Site Isolation has been in testing since September and is expected to reach the stable branch in the first half o 2021, with the feature currently being tested by extension developers to ensure that Firefox add-ons aren't affected by the upcoming changes.
According to the Fission wiki page, once activated for all users, Site Isolation will increase the amount of memory Firefox uses, but Firefox devs are currently working on reducing this memory footprint as much as possible, so Fission wouldn't impact the browser's overall performance.