WingNews logo WingNews GitHub [2]
top | item 15704764

Ask HN: Firefox vs. Chrome security

82 points| nsudio | 8 years ago | reply

I'm seeing a lot of hype surrounding Mozilla's recent release of Firefox Quantum - which promises massive improvements, mainly speed.

Looking past the speed aspect, where does FF stand against Chrome? Does Rust offer much better security? AFAIK Chrome is gold standard in sandboxing...does this still hold true?

70 comments

order
[+] mintplant|8 years ago|reply
> AFAIK Chrome is gold standard in sandboxing...does this still hold true?

Firefox offers similar sandboxing; see https://wiki.mozilla.org/Security/Sandbox

Firefox's JavaScript engine also implements more in-depth protections than V8, such as W^X in the JIT and compartments+wrappers to provide revokable access control and separation between code from different origins. There's a lot more to security than ensuring code execution can't break out of the browser.

[+] AdmiralAsshat|8 years ago|reply
Firefox has been a low-priority target for a couple years due to its waning user-base. In fact, Firefox wasn't even at Pwn2Own 2016 because hackers didn't think it was worth their time[0].

Hopefully with Quantum and a resurge in popularity, it'll become a target of white-hat hackers again.

[0] http://www.eweek.com/security/pwn2own-hacking-contest-return...

[+] gcp|8 years ago|reply
Coincidentally it not being worth their time coincided with Mozilla not sponsoring the contest any more. You can make of that what you will.
[+] tinus_hn|8 years ago|reply
That is a great argument against the monoculture seen in some product categories.

If (almost) everyone runs Windows you’re safer if you run Linux.

[+] therealmarv|8 years ago|reply
I heard a different story. Firefox was not at the contest because it was not in the same league as the others browsers (and not in a good way). See the last sentence of your link "We wanted to focus on the browsers that have made serious security improvements in the last year"
[+] beaconfield|8 years ago|reply
From Peter Bright at Ars: "And security remains a pressing concern, prompting the use of new techniques to protect against exploitation. Some of the rebuilt portions are even using Mozilla's new Rust programming language, which is designed to offer improved security compared to C++.

While today's release represents a major step forward in the browser's performance and reliability, work on Quantum continues. One major weakness of Firefox, relative to Chrome and Edge, is its use of sandboxing and process isolation to limit the impact that security flaws can have. Next year Mozilla will be working to improve these areas. Early next year should also see the rollout of a new GPU-accelerated rendering engine."

[+] gcp|8 years ago|reply
One major weakness of Firefox, relative to Chrome and Edge, is its use of sandboxing and process isolation to limit the impact that security flaws can have. Next year Mozilla will be working to improve these areas.

Firefox has been shipping with a sandbox for a while, let alone e10s. Is that an old post?

[+] shmerl|8 years ago|reply
> Early next year should also see the rollout of a new GPU-accelerated rendering engine

So what version will get Webrender exactly?

[+] hdhzy|8 years ago|reply
One interesting extension for desktop Firefox is Containers [0]. This is like per site incognito mode so tracking cookies do not escape between containers. While it's not a strict security thing for me it's one of more interesting aspects of Firefox as a browser.

[0]: https://addons.mozilla.org/en-US/firefox/addon/multi-account...

[+] _hyn3|8 years ago|reply
Google has (always) gathered information about Chrome -- and Chromium -- users by default, including every keystroke typed into the "omnibox". Not easy to disable, either.

This seems to be a recent Firefox policy change: all editions of Firefox is now collecting data, such as telemetry, information gathering, usage data. (URL's? Form data?) This is all opt-out instead of opt-in now, and you're asked only after installation. You have to pro-actively disable it.

(Formerly, telemetry gathering was only gathered by default on nightlies and dev tracks; this telemetry does cover usage.. i.e., this seems to include what URL's you're browsing; this could be a security risk for apps like Dropbox and OneDrive.)

To be fair, it's easier to opt-out in Firefox than it is in Chrome, and Firefox is also more up-front about it after initial setup/installation; still, given that Firefox held itself out as the privacy-oriented browser, this is a significant change.

(Which leads to a new question.. what's the new best privacy browser? probably Brave? or, perhaps, Opera?)

EDIT: citation, thanks to cJ0th:

https://www.mozilla.org/en-US/privacy/firefox/

[+] gcp|8 years ago|reply
Firefox does NOT do any this, as far as I know. What is the source of this FUD?

A public discussion was started to get to know how people felt about privacy conserving telemetry collection that would be opt out by default. There was massive negative feedback (duh). The feature did not ship in 57.

https://medium.com/georg-fritzsche/data-preference-changes-i...

"instead we always collect LESS data on Firefox release."

[+] hobarrera|8 years ago|reply
> you're asked only after installation. You have to pro-actively disable it.

Of course it's done after installation -- how would an app allow you to configure something BEFORE it's installed?

[+] dsschnau|8 years ago|reply
brave and opera both sit on top of chromium so idk about those
[+] walterbell|8 years ago|reply
Brave browser from Brendan Eich, Mozilla co-founder
[+] 3ds|8 years ago|reply
My understanding is, that Firefox Quantum is not faster due to any additional rust parts, but because the team focused on performance optimization across the entire codebase.

The only big rust component was introduced a couple of releases ago: Stylo.

Once Webrender is in Firefox, a serious chunk of Firefox will be written in Rust.

[+] metajack|8 years ago|reply
Stylo is about 10x faster than the old style system on a four core machine, and about 4x faster than Chrome's style system. This feature alone is worth 30% of initial page load time on amazon and youtube.

So yes, Quantum is faster as a direct result both of Rust code, and of Rust's memory-safety-makes-parallelism-practical features. That is not the only source of performance improvement in Quantum though.

Also, Quantum isn't yet getting the full benefits possible from this code for a few reasons. Firefox 57 uses Stylo for content, but not yet for chrome, which will be coming in a later release. In Servo, CSS is parsed off the main thread, but in Quantum it is not yet (will be done in a future release). Servo pipelines style resolution and frame construction (basically after the top down pass to deal with the style cascade, we go back up the tree bottom up constructing the layout data structures), and Quantum does not yet do this. Lastly, cross-language inlining is missing which would allow inlining FFI calls. Servo doesn't have this issue since all the driver and layout code is also in Rust.

[+] mintplant|8 years ago|reply
This is incorrect, Stylo is new in 57 and part of the speed boost of Quantum.
[+] gsnedders|8 years ago|reply
Stylo is a big perf jump, but so are many of other changes. It isn't solely replacing things with Rust that has made it fast.
[+] robbyking|8 years ago|reply
I actually noticed some weird and potentially concerning behavior with Firefox Quantum this morning.

I had a fair number of tabs open (~28 or so), and I restarted the browser so a change I made would take effect. I have FF set to show my windows and tabs from my previous session on start up, but it instead launched with a single tab showing my home page. Okay, no big deal, I'll just restore my previous session from the History menu. When I clicked on the history menu, though, I didn't see my most recent history, but instead a list of URLs from my bank.

I assume this is due to a syncing issue with my Firefox account (I changed my banking password just to be safe), but it's still concerning.

[+] mintplant|8 years ago|reply
That really does sound like a sync/profile issue, especially as it coincided with a failure to restore your previous session. I suspect you encountered some sort of corruption in your profile, and Firefox automatically restored one of the multiple backup copies it keeps to attempt to mitigate data loss. Still, always good to take precautions.

What Firefox release channel(s) are you using? Are you running the same version across all of your sync'd devices? And can you share what change you made before restarting the browser?

[+] beaconfield|8 years ago|reply
From what I understand about Rust, it does offer some native security improvements.
[+] nwah1|8 years ago|reply
Apparently about a third of browser security vulnerabilities can be traced to memory safety issues. So, yes.
[+] notacissp|8 years ago|reply
Look for the recent whitepapers by Cure53 and X41 both titled Browser Security Whitepaper.

tl;dr Chrome + Edge are more secure. Do not use Internet Exploder

[+] mtgx|8 years ago|reply
Until proven otherwise, I think Chrome remains the most secure browser.

From what I've seen, FF57 only uses one content process by default (at least when you upgrade it from FF56), although you can enable up to 7 in settings ( I wish they gave higher numbers, too, like 50, or have a custom field).

Also, Rust is still a small portion of the browser. I'm not sure how big of a portion is of the rendering parts, which are usually the ones causing security issues.

We'll see how it fares at the next Pwn2Own and perhaps in new papers comparing browsers' security over the coming year.

That said, I am excited that Tor will soon use FF59, which should include all of these improvements (but hopefully customized to have improved hardening by default compared to regular Firefox, on all operating systems).

[+] arghwhat|8 years ago|reply
FF57 has a relatively small amount of Rust (~160k lines of C++ replaced with ~80k lines of 10x faster Rust). Chrome is "pure" C++, though.

More content processes wouldn't do much difference. It doesn't reduce the attack surface (potentially increasing it due to complexity), but only reduce amount of data per process in case you gain read-only access to its memory (which I can't currently think of as being an interesting attack).

I would imagine that more content processes is about stability, rather than security. However, splitting larger processes into smaller ones can yield great benefit on the security front.

EDIT: FF57 defaults to four content processes.