Firefox achieves full site isolation

As the latest Security Now! show notes reports Firefox has achieved ‘fission’, Mozilla’s name for full site isolation, although it’s not yet turned on by default.

The ideas is simple, but technically it’s very tricky – a separate standalone OS process is created for each domain the browser pulls content from, in order to prevent anything nasty escaping and affecting other browser sessions. It even caters for off-site frames, which we know have been a source of data mining in the past.

It certainly makes browsing safe for Firefox users, but at the moment you need to turn it on by enabling ‘fission.autostart’ in the ‘about:config’ settings. If you are not totally comfortable doing that, then please ask someone who is or wait until Firefox turn it on by default in a future release.