Firefox to get a 'site isolation' feature, similar to Chrome

Mozilla announces Project Fission, a project to add true multi-process support to Firefox.

After a year of secret preparations, Mozilla has publicly announced plans today to implement a "site isolation" feature, which works by splitting Firefox code in isolated OS processes, on a per-domain (site) basis.

The concept behind this feature isn't new, as it's already present in Chrome, since May 2018, when Google began to slowly roll it out to all customers, reaching a 99 percent userbase coverage by July of the same year.

Also: Online security 101: Tips for protecting your privacy

Chrome's Site Isolation feature was designed as a security mechanism for the Chrome browser years before its release, but it's rollout coincided with the public disclosure of the Meltdown and Spectre CPU flaws, which the Site Isolation fully mitigated, even if it was never its primary purpose.

Mozilla, which also delivered Meltdown and Spectre patches in the form of reducing the accuracy of various JavaScript functions inside Firefox, saw Google's approach to the CPU flaws as superior, as it also helped prevent future similar exploits and many more other security issues.

In a newsletter today, Mozilla developer Nika Layzell, said the organization started working on a similar site isolation mechanism last year --in a project codenamed internally as Project Fission.

"Over the last year, we have been working to lay the groundwork for Fission, designing new infrastructure," Layzell said. "In the coming weeks and months, we'll need help from all Firefox teams to adapt our code to a post-Fission browser architecture."

The post-Fission browser architecture Layzell is referring to is similar to how Chrome works right now. Mozilla devs, too, plan to isolate each website the user is accessing into a separate process.

Currently, Firefox comes with one process for the browser's user interface, and a few (two to ten) processes for the Firefox code that renders the websites.

With Project Fission, these latter processes will change, and a separate one will be created for each website a user is accessing.

This separation will be so fine-grained that just like in Chrome, if there's an iframe on the page, that iframe will receive its own process as well, helping protect users from threat actors that hide malicious code inside iframes (HTML elements that load other websites inside the current website).

Site Isolation in Chrome

Site Isolation in Chrome

Image: Google

Project Fission is no small task, and Layzell, which serves as the Project Fission Tech Lead, says it will take years and a monumental amount of work from all Firefox development teams to adapt the browser's core for a truly multi-process architecture.

There is no estimated time of arrival (ETA) for Project Fission, but Layzell hopes that Firefox devs will complete a first development phase by the end of this month.


Must read


"Our first milestone, 'Milestone 1' (clever, I know), is currently targeted for the end of February," he said. "In Milestone 1, we plan to have the groundwork for out-of-process iframes, which encompasses some major work."

Layzell will be keeping Firefox users up to date with work on Project Fission in a newsletter he'll be publishing on his GitHub site.

More browser coverage: