Firefox 54 delivers sandboxes Mozilla's wanted since 2009
Project Electrolysis means Firefox spawns four processes and shares them between tabs
Mozilla has released version 54 of its Firefox browser and in so doing delivered long-promised sandboxing technology.
Firefox has been pondering multiple processes for different tabs since 2009 and named its effort Project Electrolysis in 2015 before introducing the technology to Firefox 48 in August 2016. The organisation has been gradually rolling it out ever since, exposing more users with each Firefox release. And now, with Firefox 54's Tuesday debut, “multiple content processes” - aka “E10S” - are now a standard feature.
As Mozillan Ryan Pollock explains, “Firefox now creates up to 4 separate processes for web page content. So, your first 4 tabs each use those 4 processes, and additional tabs run using threads within those processes. Multiple tabs within a process share the browser engine that already exists in memory, instead of each creating their own.”
Google's Chrome has used one process per tab since its launch, but Mozilla argues that Chrome's habit of spawning a discrete browser engine for each tab consumes wasteful quantities of memory and slows computers. Firefox's new approach, it suggests, will therefore make computers behave better by leaving more free RAM for other apps and the OS. And when we say “computers” we mean desktops and Android devices, as E10S has landed in Firefox for Android too.
Version 54's otherwise an unremarkable release, but of course includes some security fixes , among them three Critical-rated flaws. CVE-2017-5472 sees CSS layouts capable of creating an exploitable crash in the browser. CVE-2017-5470 and CVE-2017-5471 are memory safety bugs that could allow arbitrary code execution. There's also a dozen high-severity bugs to consider on the list here. Firefox for desktops can be had here and the Android app is here. ®
Sponsored: Becoming a Pragmatic Security Leader