
Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users.

The Firefox sandboxing feature isolates the browser from the operating system so that a web-based attack which exploits a vulnerability in the browser engine, or abuses its legitimate functions, cannot go on to attack the underlying operating system, place malware on the filesystem, or steal local files.

Chrome has always run inside a sandbox. Initially, Firefox ran only a few plugins inside a sandbox — such as Flash, DRM, and other multimedia encoding plugins.

In 2016, Firefox received support for running in multiple processes. Mozilla engineers split the browser UI process from the web page rendering operations.

The latter received a sandbox, which Mozilla has improved with every release. Because Windows and Linux are different operating systems and most of the Firefox user base is on Windows, Mozilla focused on improving the Firefox sandbox for Windows first.

Sandbox feature updated to catch up with Firefox for Windows

In Firefox 57, the Linux sandbox receives improvements that bring it to a level of protection similar to the Windows version.

"The content process - that is the one that renders the web pages from the internet and executes JavaScript - is now blocked from reading large parts of the filesystem, with some exceptions for libraries, configuration information, themes and fonts. Notably, it is no longer possible to read private information in the home directory or the Firefox user profile, even if Firefox were to be compromised," said Gian-Carlo Pascutto, one of the Mozilla engineers who worked on the feature.

Because Firefox is still intertwined with the GTK user interface, the Firefox web rendering process is still allowed to read from the filesystem in various situations.

"Rather than postpone the security improvements till this is reworked, we've elected to work around this by allowing a few very specific locations through," Pascutto said.

New about:config options added

"Due to the infinite configurability of Linux systems, it's always possible there will be cases where a non-standard setup can break things, and we've kept Firefox configurable, so you can at least help yourself, if you're so inclined," the developer added.

The Firefox team has added new parameters to the Firefox about:config configuration panel that Linux users can tweak in case some web pages don't display as they did before the user updated to Firefox 57.

security.sandbox.content.level

This parameter allows users to disable the sandbox when set to 0. When enabled, this parameter has three values — 1, 2, and 3 — detailed in the table below.

Level    What's blocked by the sandbox?

Level 1
  • Many syscalls, including process creation

Level 2
  • Many syscalls, including process creation
  • Write access to the filesystem
    • Excludes shared memory, tempdir, video hardware

Level 3
  • Many syscalls, including process creation
  • Write access to the filesystem
    • Excludes shared memory, tempdir, video hardware
  • Read access to most of the filesystem
    • Excludes themes/GTK configuration, fonts, shared data and libraries

security.sandbox.content.read_path_whitelist

This parameter lets users add directory paths that the content process is allowed to read from. Be careful when adding folders to this list: each directory should contain only the libraries or data Firefox needs, never personal files that a compromised content process could scan and steal.

security.sandbox.content.write_path_whitelist

Similar to the above, but this parameter controls which folders the content process is allowed to write to.

security.sandbox.content.syscall_whitelist

This parameter lets users re-allow specific system calls that the sandbox otherwise blocks the content process from making.
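Because all four of these preferences weaken the sandbox when set loosely, an administrator will want to check what a profile actually has in its prefs.js or user.js. The script below is an added illustration written for this article, not Mozilla code: it parses the standard `user_pref("name", value);` lines, maps the level back to the table above, and flags whitelist entries that expose the home directory or re-enable syscalls. It assumes (this is not stated on the page) that the three whitelist preferences hold comma-separated values; the sample prefs content is constructed, and the syscall numbers 57 and 59 in it are fork and execve on x86-64.

```python
import re
from pathlib import Path

# Matches the standard prefs.js / user.js line format.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

LEVEL_PREF = "security.sandbox.content.level"
READ_PREF = "security.sandbox.content.read_path_whitelist"
WRITE_PREF = "security.sandbox.content.write_path_whitelist"
SYSCALL_PREF = "security.sandbox.content.syscall_whitelist"

# What each level blocks, per the table in the article (level 0 = sandbox off).
LEVEL_BLOCKS = {
    0: set(),
    1: {"syscalls"},
    2: {"syscalls", "fs-write"},
    3: {"syscalls", "fs-write", "fs-read"},
}


def parse_prefs(text):
    """Return {pref_name: value} for the user_pref() lines in prefs.js/user.js text.
    Integers and booleans are converted; quoted strings are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref()
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def split_list(value):
    """Whitelist prefs are assumed to be comma-separated (assumption, not from the article)."""
    return [item.strip() for item in str(value).split(",") if item.strip()]


def audit_sandbox(prefs, home_dir):
    """Return a list of findings describing sandbox weakenings in the parsed prefs.
    A missing level pref means the browser default applies and is not reported."""
    findings = []
    level = prefs.get(LEVEL_PREF)
    if level is not None:
        if level not in LEVEL_BLOCKS:
            findings.append(f"{LEVEL_PREF}={level!r} is not a known level (0-3)")
        elif level == 0:
            findings.append("content sandbox disabled (level 0)")
        else:
            # Anything level 3 blocks that this level does not is a gap worth reporting.
            for protection in sorted(LEVEL_BLOCKS[3] - LEVEL_BLOCKS[level]):
                findings.append(f"level {level} does not block {protection}")
    home = home_dir.rstrip("/") + "/"
    for pref, verb in ((READ_PREF, "read"), (WRITE_PREF, "write")):
        for path in split_list(prefs.get(pref, "")):
            if path == home_dir or path.startswith(home):
                findings.append(f"{verb} whitelist exposes home directory path {path}")
    syscalls = split_list(prefs.get(SYSCALL_PREF, ""))
    if syscalls:
        findings.append("syscall whitelist re-enables blocked syscalls: " + ", ".join(syscalls))
    return findings


def audit_file(path, home_dir):
    """Audit a prefs.js or user.js file on disk."""
    return audit_sandbox(parse_prefs(Path(path).read_text()), home_dir)


# Constructed sample prefs.js content (not taken from a real profile).
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.sandbox.content.level", 2);
user_pref("security.sandbox.content.read_path_whitelist", "/opt/vendor-libs/,/home/alice/Documents/");
user_pref("security.sandbox.content.write_path_whitelist", "");
user_pref("security.sandbox.content.syscall_whitelist", "57,59");
'''

if __name__ == "__main__":
    for finding in audit_sandbox(parse_prefs(SAMPLE_PREFS), "/home/alice"):
        print("WARN:", finding)
```

Run against a real profile with `audit_file("/home/alice/.mozilla/firefox/<profile>/prefs.js", "/home/alice")`; a clean level 3 profile with empty whitelists produces no findings, while the constructed sample reports the missing read protection, the home-directory read path and the re-enabled syscalls.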