this post was submitted on 12 Jul 2023
1051 points (99.3% liked)
Firefox
17910 readers
217 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Great, now implement modern exploit mitigations and sandboxing like Chrome uses. Firefox is objectively less resistant to exploitation. Some Firefox security has improved since the article was written, such as some sandboxing on Windows, but it's definitely not as mature.
I'm not writing that Firefox is insecure. Security is very important to Firefox! However, Chrome has had more work done in the realm of browser hardening.
That is fair, but Chrome is undeniably more open to corporate exploitation. See things like the dramatically reduced utility of ad blockers on Chromium browsers.
I guess it depends on who you see as the greater threat at present.
This is why I use Firefox! For freedom.
I might start using Firefox when I will get a laptop later. Currently using Vivaldi for Android
I think it's already on par with Chromium, most attack won't work with sandboxing that introduced to firefox, and mostly now each site/iframe have it's own process, so it's on par with chrome, imho
As a security researcher, running each site in its own process isn't enough. Chrome has a much stronger multiprocessing model on most platforms. For example, Chrome on Android sandboxes between processes whereas Firefox simply relies on the built-in Android sandbox, which provides limited protection between these processes. It's much easier to break out of the sandbox in Firefox because it's easier to move laterally, for one. Those processes have to communicate with each other at some point.
But, don't believe me just because I claim any sort of credential on the Internet. It's such a difference in security that GrapheneOS strongly discourages using Firefox for its weak implementation in addition to the link I provided above. From the link:
I love Firefox. I use it anyway. It's not insecure. But it's absolutely not as secure because it lacks modern exploit mitigations. Running process per site is an improvement but it's still less secure than the architecture used in Chrome.
EDIT: Sound less entitled.
I can't speak for Android, it's long way to go for sure, but on desktop, it's great. And for Fedora PhoneUI / Phosh seems already working because it's linux ootb.
in short android not included I suppose. They have custom multiple process sandbox, but last time I enable it, it broke everything in nightly
@garam
Firefox is not that bad 4 android, not that brilliant either
@henfredemars
Well, for me it's great, but if we talk about sandboxing, it's not there, not even in nightly, but it's useful for me for day to day task, almost anything in Android