Jump to content

How To Change Firefox’s Sandbox Security Level


vissha

Recommended Posts

How To Change Firefox’s Sandbox Security Level

 

The guide provides you with information on how to change the security level of the built-in sandbox of the Firefox web browser.

 

One of the major improvements that comes along with Firefox's new multi-process architecture is sandboxing to improve the browser's security.

 

The multi-process rollout is chugging along nicely, but it will still take at least months before it is enabled by default for all, or at least the majority, of Firefox Stable users.

 

Electrolysis, Firefox's multi-process architecture, is the prerequisite for Firefox's sandboxing feature as it makes use of child processes to establish security boundaries.

 

Instead of executing all code in the parent process, code is executed in a content process instead limiting what it can do.

 

Firefox's sandboxing model supports different levels which determine what code executed in the sandbox is allowed to do.

 

Mozilla implemented three levels currently, and plans to add additional levels with higher security restrictions later on.

 

The operating system and the Firefox channel depend what is implemented currently. Here is a brief overview of the current status:

  • All: Gecko Media Plugin enabled.
  • Windows: NPAPI plugin enabled, content at level 2 in Nightly, at level 1 for other channels, compositor at level 0.
  • OSX: content at level 2 in Nightly, at level 1 in Aurora, rest nothing.
  • Linux: content at level 2 in Nightly, rest nothing

The next target for Windows is level 3 sandboxing, for OSX level 2 sandboxing, and for Linux level 1 sandboxing.

 

Sandbox levels

 

Sandbox levels get more restrictive the higher they are. Level 0 is the least restrictive level, level 2 the most restrictive currently. Once level 3 is introduced, it will become the most restrictive level available.

 

Level 3 will be implemented in Firefox for Windows first, and later on in Firefox for OSX and Linux.

 

You can check the restrictions of each sandbox level on the Mozilla Wiki site. Please note that sandboxing in Firefox is a work in progress. Things may change along the way, but the wiki will get updated when that happens.

 

Check Firefox's sandbox level

 

firefox-sandbox-level.png

 

Mozilla Firefox lists the sandbox level that is used by the browser in two locations in the interface. You can load about:support and scroll all the way done until you reach the sandbox listing on the page.

 

Check the "content process sandbox level" value to find out.

 

The second option that you have is to load about:config, and search for the parameter security.sandbox.content.level. The value that is returned is the current content level of the Firefox sandbox.

 

Change the Firefox sandbox content level

 

firefox-content-sandbox-level.png

 

The parameter security.sandbox.content.level determines the level of the sandbox. You may use it to change the level, but only to a value that is supported.

 

If you pick a lower value, some sandbox restrictions may be lifted, if you pick a higher value -- provided that it is supported -- the sandbox may be more restrictive than it was.

 

To change the sandbox level of NPAPI plugins, search for the preference dom.ipc.plugins.sandbox-level.flash or dom.ipc.plugins.sandbox-level.default instead.

 

Closing Words

 

The next big milestones for Firefox's sandbox feature land in Firefox 53 for Linux, and Firefox 54 for Windows and Mac versions of the browser if the schedule holds.

 

Now You: What are your expectations for the feature?

 

Source

Link to comment
Share on other sites


  • Replies 1
  • Views 1.8k
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...