Firefox 54 delivers sandboxes Mozilla's wanted since 2009

Project Electrolysis means Firefox spawns four processes and shares them between tabs

By Simon Sharwood, APAC Editor

Posted in Software, 14th June 2017 04:58 GMT

Mozilla has released version 54 of its Firefox browser and in so doing delivered long-promised sandboxing technology.

Firefox has been pondering multiple processes for different tabs since 2009 and named its effort Project Electrolysis in 2015 before introducing the technology to Firefox 48 in August 2016. The organisation has been gradually rolling it out ever since, exposing more users with each Firefox release. And now, with Firefox 54's Tuesday debut, “multiple content processes” - aka “E10S” - are now a standard feature.

As Mozillan Ryan Pollock explains, “Firefox now creates up to 4 separate processes for web page content. So, your first 4 tabs each use those 4 processes, and additional tabs run using threads within those processes. Multiple tabs within a process share the browser engine that already exists in memory, instead of each creating their own.”

Google's Chrome has used one process per tab since its launch, but Mozilla argues that Chrome's habit of spawning a discrete browser engine for each tab consumes wasteful quantities of memory and slows computers. Firefox's new approach, it suggests, will therefore make computers behave better by leaving more free RAM for other apps and the OS. And when we say “computers” we mean desktops and Android devices, as E10S has landed in Firefox for Android too.

Version 54's otherwise an unremarkable release, but of course includes some security fixes , among them three Critical-rated flaws. CVE-2017-5472 sees CSS layouts capable of creating an exploitable crash in the browser. CVE-2017-5470 and CVE-2017-5471 are memory safety bugs that could allow arbitrary code execution. There's also a dozen high-severity bugs to consider on the list here. Firefox for desktops can be had here and the Android app is here. ®

Sign up to our NewsletterGet IT in your inbox daily

63 Comments

More from The Register

Get the FTP outta here, says Firefox

Apparently someone still uses src to suck content into web pages from FTP servers

Mozilla wants to seduce BOFHs with button-down Firefox

Control. Control. Control

Google Play Protect is 'dead last' at fingering malware on Android

Don't expect ads giant to stop all software nasties for you – it certainly can't

It's 2018 and… wow, you're still using Firefox? All right then, patch these horrid bugs

OG open-source darling gets security check-up

Unsanitary Firefox gets fix for critical HTML-handling hijack flaw

Versions 56 through 58 need patching, pronto

Banking trojan-slingers slip past Google Play's malware defences

BankBot nestled within allegedly 'fun' mobile game

The Quantum of Firefox: Why is this one unlike any other Firefox?

Interview 57: Mozilla's big bid for relevance

Another month, another malware outbreak in Google's Play Store

50 apps get pulled as ExpensiveWall malware runs riot in the store

More ad-versarial tech: Mozilla to pop limited ad blocker into Firefox

Deteriorating web prompts browser maker to take a stand

Mozilla and Yahoo! trade sueballs over Firefox-Google search deal

'Your search is trash and you stopped paying ' vs. 'we had a deal you can't walk away from'