www.OSNEWS.com

Linux sandboxing improvements in Firefox 60
By Thom Holwerda on 2018-05-11 18:36:45

Continuing our past work, Firefox 60 brings further important improvements to security sandboxing on Linux, making it harder for attackers that find security bugs in the browser to escalate those into attacks against the rest of the system.

The most important change is that content processes - which render Web pages and execute JavaScript - are no longer allowed to directly connect to the Internet, or connect to most local services accessed with Unix-domain sockets (for example, PulseAudio).

This means that content processes have to follow any network access restrictions Firefox imposes - for example, if the browser has been set up to use a proxy server, connecting directly to the internet is no longer possible. But more important are the restrictions on connections to local services: they often assume that anything connecting to them has the full authority of the user running it, and either allow it to ask for arbitrary code to run, or aren't careful about preventing that. Normally that's not a security problem because the client could just run that code itself, but if it's a sandboxed Firefox process, that could have meant a sandbox escape.
