|Linux sandboxing improvements in Firefox 60|
|By Thom Holwerda on 2018-05-11 18:36:45|
Continuing our past work, Firefox 60 brings further important improvements to security sandboxing on Linux, making it harder for attackers that find security bugs in the browser to escalate those into attacks against the rest of the system.
This means that content processes have to follow any network access restrictions Firefox imposes - for example, if the browser has been set up to use a proxy server, connecting directly to the internet is no longer possible. But more important are the restrictions on connections to local services: they often assume that anything connecting to them has the full authority of the user running it, and either allow it to ask for arbitrary code to run, or aren't careful about preventing that. Normally that's not a security problem because the client could just run that code itself, but if it's a sandboxed Firefox process, that could have meant a sandbox escape.
- Extensions in Firefox 59 - 2018-01-27
- Firefox is on a slippery slope - 2017-12-17
- How Firefox got fast again - 2017-11-13
- The story of Firefox OS - 2017-03-03
- More related articles