Hi Ian,
Do you know how other people have solved this with Firefox?
I've used 'packaged' sandboxed browsers before (I think they're a really
good idea) - can't remember which ones but a quick google came up with
http://spoon.net/browsers/ (which I've not yet used, but also looks like
a really neat way of testing old browser versions!).
Just done a bit more googling and found this explanation of spoon.net:
http://en.wikipedia.org/wiki/Spoon_%28software%29
A few thoughts - no idea how practical these are due to my woeful
knowledge of Firefox internals:
* Can we fake filesystem / registry access so addons that access those
won't crash (but might not work as expected)?
* Would it be possible to have sandboxing as a profile option, so when
you create a new profile you can select if it should be sandboxed?
* Can we detect which addons use 'unsafe' features and disable them in
sandboxed mode?
* If not we could disable all addons in sandboxed mode.
* And going one step further I think we should have finer-grained
controls for addons (e.g. like Android apps). Could this be one step
along the way? In other words addons need to say if they will run in
the sandbox (even better if we can check that) otherwise they will
be disabled, which will be the default.
Cheers,
Simon
On 26/07/2012 00:12, Ian Melven wrote:
Hi,
Marshall Moutenot and myself have been researching the idea of sandboxing the
Firefox.exe process, starting on Windows.
some of the issues and risks and our current plan can be found on the freshly
updated feature page at
https://wiki.mozilla.org/Features/Security/Low_rights_Firefox
comments/feedback welcome!
thanks,
ian
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
--
Simon Bennetts
Mozilla Security Team
Twitter: https://twitter.com/#!/psiinon
"The confidence that people have in security is inversely proportional to how much
they know about it."