Did Firefox Stable for Android ever add Site Isolation? (lemmy.ml)

submitted 2 weeks ago* (last edited 2 weeks ago) by DreitonLullaby@lemmy.ml to c/firefox@lemmy.ml

41 comments fedilink hide all child comments

I heard around the internet that Firefox on Android does not have Site Isolation built-in yet. After a little bit of research, I learned that Site Isolation on Android was added in Firefox Nightly, appearing to have been added sometime in June 2023. What I can't find, though, is whether this has ever been added to any stable versions of Firefox yet. Does anyone know anything about this?

Update: After further research, it appears that Site Isolation is not currently a feature in stable version of Firefox on Android. I don't know with certainty if their information is up-to-date, but GrapheneOS (A well-known privacy/security-focused fork of Android) does not recommend using Firefox-based browsers on Android due to it's (apparently) lack of a Site Isolation feature. A snippet of what Graphene currently have to say about Firefox on Android/GrapheneOS from their usage guide page, is: "Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface."

On a side-note, they also say about Firefox's current Site Isolation on desktop being weaker, which I wasn't aware of. "Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole."

all 50 comments

sorted by: hot top controversial new old

[-] sabreW4K3@lazysoci.al 27 points 2 weeks ago

It's still being worked on. https://bugzilla.mozilla.org/show_bug.cgi?id=1565196

[-] boredsquirrel@slrpnk.net 31 points 2 weeks ago* (last edited 2 weeks ago)

Lol

Bug with high priority
A person clones it, assigns themselves
doesnt have time, unassigns themselves
Priority gets set lower
A guy wants to work on it
That guy doesnt work at Mozilla anymore
The bug went from priority P5 to P1 and doesnt block anything anymore

This is really bad. Especially as it seems like not that big of a change.

[-] ahal@lemmy.ca 8 points 1 week ago* (last edited 1 week ago)

doesnt have time, unassigns themselves

Because someone else took over, as the person even says in a comment.

Priority gets set lower

Priority got set back to the priority it was at 4 minutes before. The priority being changed was clearly a mistake.

A guy wants to work on it

That guy doesnt work at Mozilla anymore

OK?

The bug went from priority P5 to P1 and doesnt block anything anymore

It got retriaged. There are processes for this and it's totally normal.

This is really bad. Especially as it seems like not that big of a change.

No it really isn't bad at all. And it's a massive change, the linked bug is a meta bug which means it is simply used to track the actual work. See all the bugs in the depends on section? That's where the real work happens and there has been a ton of progress made.

Also believe it or not, lots of discussion happens outside of bugs. You really have no idea what is going on just by looking at bug activity.

[-] chris@lemm.ee 15 points 2 weeks ago

Man, 5 years. I know nothing about building a browser, but that seems… Long.

[-] jherazob@fedia.io 5 points 2 weeks ago

The answers linked above mention this one

[-] sabreW4K3@lazysoci.al 4 points 2 weeks ago

That's the bug that laid the groundwork

[-] Vincent@feddit.nl 11 points 2 weeks ago

Was also asked about and answered in the recent AMA on reddit:

[-] JameUwU@lemmy.ml 3 points 1 week ago

RedLib links for privacy folks:

https://libreddit.bus-hit.me/r/firefox/comments/1de7bu1/comment/l8gq5hq/ https://libreddit.bus-hit.me/r/firefox/comments/1de7bu1/comment/l8gawuc/

[-] sunzu@kbin.run 6 points 2 weeks ago

What is the actual risk here?

[-] DreitonLullaby@lemmy.ml 5 points 2 weeks ago

I'm no professional, but from my research I've been doing, it appears that the risk (at least one of them) is that a hacker could in theory create a website that exploits this vulnerability. If you access their website, their site could be capable of stealing sensitive information from the other Firefox tabs that you may have loaded on the side, at any given time.

[-] sunzu@kbin.run 5 points 2 weeks ago* (last edited 2 weeks ago)

Seems like pretty big risk... Wtf how is this still a thing?

Kinda makes hard to keep telling people to switch

[-] TrickDacy@lemmy.world 5 points 2 weeks ago

What they said isn't exactly true. The actual concerns are far more narrow than the way they worded it

[-] sunzu@kbin.run 4 points 2 weeks ago* (last edited 2 weeks ago)

it would be nice if you would narrow it down for everybody while we are here?

[-] TrickDacy@lemmy.world 2 points 2 weeks ago

Well I'm not an expert and I don't feel like digging up all the specifics but the concerns generally are cookies. The person who replied here made it sound like Mozilla is letting websites steal your credit card number from open tabs or something

[-] LWD@lemm.ee 3 points 2 weeks ago* (last edited 2 weeks ago)

I too have a hard time telling whether the isolation features is a huge security risk or a minor one because things get too technical too quickly for me to follow.

Case in point, this website makes it sound relatively trivial just due 8 how technical it is (Ctrl+F for Firefox)

https://grapheneos.org/usage#web-browsing

[-] TrickDacy@lemmy.world 3 points 2 weeks ago

Yeah, the graphene people hate Firefox, but I don't really put too much stock in their opinion because there are places where they mention it in an alarmist way imo

[-] sunzu@kbin.run 1 points 2 weeks ago

While I respect the work that they have done, leader handling of Lois rossmann was out of line.

I am not really sure what his deal is or was, but he should stay away from making public appearances until he learns to behave in public facing situation. The spazzing was uncalled for.

[-] LWD@lemm.ee 2 points 2 weeks ago

I don't like to speculate, but I think it was mental illness, which may have started during the CopperheadOS days (the predecessor to Graphene).

Unfortunately, that does call into question the recommendations on that page, which I already had a little worry about because Vanadium is their thing, of course they're going to recommend it.

But I do genuinely want to know how significant of a risk this lack of isolation and sandboxing causes.

[-] possiblylinux127@lemmy.zip 1 points 1 week ago

He is nuts in general. I would stay far far away from graphene

[-] sunzu@kbin.run 1 points 2 weeks ago

alright i see, that does make more sense but they can still ID with you a cookie on all your concurrent sessions?

i guess this aint a security risk per see but wtf.. why they even need cross site cookies if they can do this.

[-] TrickDacy@lemmy.world 2 points 2 weeks ago

Cross site cookies specifically are the concern here. Other cookies cannot be read arbitrarily

[-] sunzu@kbin.run 1 points 2 weeks ago

i see, i thought they are turn off now by default? or at least there is a setting to block hem.

[-] TrickDacy@lemmy.world 2 points 2 weeks ago

On FF on my android phone, I just checked and "strict" privacy mode is not on so I guess by default cross site cookies may be enabled. Thanks for asking these questions -- I'm setting that to Strict now.

[-] sunzu@kbin.run 1 points 2 weeks ago

You did all the work...

I do keep mine on strict tho

I don't see why it is not set by default tbh prolly breaks some bullshot websites

[-] TrickDacy@lemmy.world 2 points 2 weeks ago

Yeah. Probably due to the fact that people will ignorantly declare firefox broken if they experience something like that. I don't think the standard setting is terrible for privacy either, btw, just a bit more permissive than "strict"

[-] TrickDacy@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago)

I'm not certain. The "strict" privacy setting in FF probably does block them. Not sure if it's default or not.

[-] possiblylinux127@lemmy.zip 1 points 1 week ago

Because it is hard to implement

[-] possiblylinux127@lemmy.zip 2 points 1 week ago

If a site can exploit the browser engine they can access other pages. Normally the sandbox would make a exploit stay local

[-] sunzu@kbin.run 1 points 1 week ago

[-] TheAnonymouseJoker@lemmy.ml 6 points 1 week ago* (last edited 4 days ago)

[removed by mod]

[-] sugar_in_your_tea@sh.itjust.works 6 points 1 week ago

Both things can be true. Firefox is less secure in the site isolation area, but that's just a backup to the things Firefox is already doing. Firefox is still plenty secure, though it would be quite nice to have this feature.

I use Mull because it takes the best parts of Tor Browser and ships it through F-Droid. For those unaware, it's basically Firefox with additional privacy settings enabled by default, and it syncs just fine with Firefox browsers.

Yes, don't buy into FUD about Firefox being insecure, but also don't misrepresent the value this feature brings. It's not a must-have for me, but I do very much want it.

[-] TheAnonymouseJoker@lemmy.ml 1 points 1 week ago* (last edited 4 days ago)

[removed by mod]

[-] sugar_in_your_tea@sh.itjust.works 4 points 1 week ago

If site isolation isn't a critical security feature, why would Mozilla implement it and say that it is?

Without Site Isolation, Firefox might load a malicious site in the same process as a site that is handling sensitive information. In the worst case scenario, a malicious site might execute a Spectre-like attack to gain access to memory of the other site.

...

Despite existing security mitigations, the only way to provide memory protections necessary to defend against Spectre-like attacks is to rely on the security guarantees that come with isolating content from different sites using the operating system’s process separation.

So Firefox for Android not having this feature makes it less secure than browsers that do, at least for this class of attack.

Tor Browser being built on Firefox shouldn't imply that Firefox is more secure than anything else, it means Firefox is closest to its requirements, which are a lot more than security features. The two biggest reasons, from what I can glean, are:

LTS release - means users are far more likely to report the same fingerprint and whatnot, and releases only need to be closely scrutinized on major releases; this is an anonymity feature, not a security feature
only needs a handful of patches to meet goals instead of a big reengineering - it says more about Firefox's config options than security features

Don't get me wrong, Firefox absolutely is a secure browser (incl. Android), but it is missing certain security features vs Chromium-based browsers. Tor is more interested in privacy and anonymity than security (though security is still a priority), so pointing at them isn't really a valid argument (it's an appeal to authority at best).

Google is really interested in security, and not interested in privacy or anonymity, because being secure gets orgs interested, and orgs have valuable data and users. If your primary concern is security, you'll probably be better off with Chromium browsers, and that seems to be where Micay is coming from. But if privacy and/or anonymity is your goal, Firefox is easier to configure to meet those goals, and it's pretty secure too.

That's why I use Firefox despite being fully aware of Firefox's security limitations. I'm told per site isolation is in progress on Android, so that's pretty cool.

[-] TheAnonymouseJoker@lemmy.ml 1 points 1 week ago* (last edited 4 days ago)

[removed by mod]

[-] sugar_in_your_tea@sh.itjust.works 2 points 1 week ago

Blocking 3rd party scripts and frames

Yes, there are multiple ways to address a given problem, with different tradeoffs. I don't know the specifics of per-site isolation, but I'm guessing it also protects against non-JS attacks like CSS or HTML-processing attacks, which could trigger those same Spectre/Meltdown-style attacks. That's a pretty niche case, but hopefully it shows that even a good plan has potential holes.

Ideally, we could eat our cake and have it too, and hopefully Mozilla is working on that. In the meantime, you need to decide if you want something more configurable (Tor, you, and I seem to prefer this) and accept tradeoffs, or solve for the general case of scripting enabled (e.g. Chromium's isolation). Micay isn't wrong for his preference, and you and I aren't wrong for ours.

there is no privacy without security

That's close to the truth, but it's a system of degrees. You need enough security to make protecting privacy feasible. But they are separate goals, especially if adding Anonymity into the mix. For example:

secure, but not private or anonymous - Google services; you can't get much better security than gmail, but it's horrendous for privacy because Google's reading your stuff; or a more tangible example, it's like living in a bulletproof glass house
private, but not secure or anonymous - closing the blinds at your house, and not locking doors; nobody can see what you're doing, but home ownership is public record and anyone can walk in
anonymous, but not secure or private - counter-protesting - they don't know who you are, but everyone can see and hear you, and they can come beat you up

But there's a lot of overlap too. Really good privacy often requires pretty good security, especially depending on your threat model. Effective anonymity also requires good security and often provides good privacy. So it's not necessarily wrong to say they're extremely closely related, so I could see it being shortened to "no privacy without security" as a general rule of thumb.

The only method to counter their malicious narrative is nullifying their advice and proposed/developed tools

I disagree on all accounts:

I don't think their narrative is malicious, I think it's overly simplified, which is what you want in a sales pitch
nullifying their advice isn't worthwhile, there's more than one way to solve a problem, and different problems can look similar

Instead of attacking them, I think it's better to provide accurate information that they're omitting. If you aggressively attack something, it puts people who like/support that thing on the defensive (relevant Louis Rossmann video, who you should like because he ripped into Daniel Micay as well). Instead, highlight the benefits of your proposed solution, and limit your criticism of other solutions to only those that negatively impact your target audience.

At least that's my takeaway from various sources (laws of power, how to win friends and influence people, etc).

Fission has existed since many versions as experimental on Android, and I have tried it, but it causes bugs and crashes after using browser for a while.

Yup, it's not ready yet on Firefox, hence why I don't use that experimental feature.

dFPI

Well yeah, Google is an ad company, so they're going to be slow in adopting things that make advertising less effective/gives them less data. I'm guessing they'll implement it once they can effectively use first party cookies to serve ads (would require websites to help).

FPI isn't really a security feature (login cookies and whatnot are first party and thus not sent to third parties), it's a privacy feature. Google doesn't particularly care about privacy, only security.

load more comments (5 replies)

[-] MinekPo1@lemmygrad.ml 3 points 1 week ago

Mozilla has a history of harming me. I've documented this as one more case of attacks from Mozilla to go along with everything else. I see no reason to put up with it or tolerate it. Mozilla should expect that one day they're going to be held accountable. If people at Mozilla aren't aware of the unethical behavior it regularly engages in including an exploitative approach to contributors, they should inform themselves.

- Daniel Micay (im the linked mailing list thread)

it doesn't seem like Micay had feuds previous to 2019 with Mozilla , though I was unable to find what he is referring to unfortunately .

[-] DreitonLullaby@lemmy.ml 1 points 1 week ago

I'm not taking sides because I don't currently have time or energy to look into the issues GrapheneOS and/or Micay may or may not have, but I will say that I don't know how you could think (at least based on the information I referenced from Graphene in my post) that they are saying or implying to people that Firefox is less secure. They did say it was inherently less secure on Android, but not in general. They did say that the Site Isolation feature specifically is less secure even on Desktop, but they didn't say that Firefox as a whole is inherently less secure, just that it currently is on Android. I can see how an average reader may interpret that as Firefox being less secure than Chromium as a whole, but that would simply be their own misinterpretation of what's being said.

and "The moment anyone starts calling Firefox insecure, immediately become alert". Why? Anything is capable of being insecure and Firefox equally so. At any given time, Firefox could have security vulnerabilities (as it does), so it's quite ridiculous to automatically assume that anyone calling Firefox out for being insecure in some way is just Daniel Micay or his "minions"

"Micay and GrapheneOS, and fans/members associated like OP are well known for...". Are you accusing me of being associated with Micay and GrapheneOS, or am I misunderstanding you?

[-] TheAnonymouseJoker@lemmy.ml 1 points 1 week ago* (last edited 4 days ago)

[removed by mod]

[-] DreitonLullaby@lemmy.ml 1 points 1 week ago

I'm not going to argue with you, because I can see it won't accomplish anything good, so I'll just leave it at this:

No, I did not promote the Chromium monopoly, I simply asked a question, about a security issue with Firefox; this is not the same as promotion. If I wanted to promote the monopoly, this post would have been telling people why they shouldn't use Firefox and I would have posted it on a more broad community about Web Browsers and done so on Reddit for the most impact. I'm against this monopoly, and I intentionally go out of my way to not recommend Chromium-based browsers to people. Discussion about issues with something you love is only healthy, not a promotion of another side.

[-] muntedcrocodile@lemm.ee 6 points 2 weeks ago

Shit thats not good if its true

[-] possiblylinux127@lemmy.zip 4 points 1 week ago

Well I personally wouldn't trust anything Graphene says

[-] boredsquirrel@slrpnk.net 3 points 2 weeks ago

Searching for fission (their site isolation is called like that) in about:config on Mull (FF Android 127) didnt give any obvious results

this post was submitted on 18 Jun 2024

59 points (91.5% liked)

Firefox

16767 readers

158 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago

MODERATORS

k_o_t@lemmy.ml