Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Firefox
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Security == {{See also|Browser security}} From its inception, Firefox was positioned as a security-focused browser. At the time, [[Internet Explorer]], the dominant browser, was facing a security crisis. Multiple vulnerabilities had been found, and [[malware]] like [[Download.ject|Download.Ject]] could be installed simply by visiting a compromised website. The situation was so bad that the US Government issued a warning against using Internet Explorer.<ref>{{Cite news |last=Captain |first=Sean |date=11 August 2019 |title=Firefox at 15: its rise, fall, and privacy-first renaissance |url=https://www.fastcompany.com/90428050/firefox-at-15-its-rise-fall-and-privacy-first-renaissance |access-date=6 June 2024 |website=[[Fast Company]] |archive-date=May 7, 2020 |archive-url=https://web.archive.org/web/20200507110319/https://www.fastcompany.com/90428050/firefox-at-15-its-rise-fall-and-privacy-first-renaissance |url-status=live }}</ref> Firefox, being less integrated with the operating system, was considered a safer alternative since it was less likely to have issues that could completely compromise a computer. This led to a significant increase in Firefox's popularity during the early 2000s as a more secure alternative.<ref name="WSJHowTo2">{{cite news |last=Mossberg |first=Walter S. |date=September 16, 2004 |title=How to Protect Yourself From Vandals, Viruses If You Use Windows |url=http://ptech.wsj.com/archive/ptech-20040916.html |archive-url=https://web.archive.org/web/20070221061526/http://ptech.wsj.com/archive/ptech-20040916.html |archive-date=February 21, 2007 |access-date=October 17, 2006 |work=The Wall Street Journal |quote=I suggest dumping Microsoft's Internet Explorer Web browser, which has a history of security breaches. I recommend instead Mozilla Firefox, which is free at mozilla.org. It's not only more secure but also more modern and advanced, with tabbed browsing, which allows multiple pages to be open on one screen, and a better pop-up ad blocker than the belated one Microsoft recently added to IE.}}</ref><ref>{{cite news |last=Costa |first=Dan |date=March 24, 2005 |editor-last=Vamosi |editor-first=Scott |title=Mozilla Firefox {{sic|Browser |nolink=yes}} review |url=https://reviews.cnet.com/browsers/mozilla-firefox/4505-3514_7-31117280.html |archive-url=https://web.archive.org/web/20071226062127/http://reviews.cnet.com/browsers/mozilla-firefox/4505-3514_7-31117280.html |archive-date=December 26, 2007 |publisher=[[CNET]]}}</ref> Moreover, Firefox was considered to have fewer actively exploitable [[security vulnerabilities]] compared to its competitors. In 2006, ''[[The Washington Post]]'' reported that exploit code for known security vulnerabilities in Internet Explorer were available for 284 days compared to only nine days for Firefox before the problem was fixed.<ref>{{cite news |last=Krebs |first=Brian |date=January 4, 2007 |title=Internet Explorer Unsafe for 284 Days in 2006 |url=http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html |url-status=live |archive-url=https://web.archive.org/web/20110424031839/http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html |archive-date=April 24, 2011 |access-date=January 24, 2007 |newspaper=The Washington Post}}</ref> A [[NortonLifeLock|Symantec]] study around the same period showed that even though Firefox had a higher number of vulnerabilities, on average vulnerabilities were fixed faster in Firefox than in other browsers during that period.<ref>{{cite news |last=Keizer |first=Gregg |date=September 25, 2006 |title=Firefox Sports More Bugs, But IE Takes 9 Times Longer To Patch |url=http://www.techweb.com/wire/security/193005335 |archive-url=https://web.archive.org/web/20080207192416/http://www.techweb.com/wire/security/193005335 |archive-date=February 7, 2008 |access-date=January 24, 2007 |publisher=TechWeb}}</ref> During this period, Firefox used a [[Monolithic system|monolithic architecture]], like most browsers at the time. This meant all browser components ran in a single [[Process (computing)|process]] with access to all [[system resource]]s. This setup had multiple security issues. If a web page used too many resources, the entire Firefox process would hang or crash, affecting all tabs. Additionally, any exploit could easily access system resources, including user files. Between 2008 and 2012, most browsers shifted to a multiprocess architecture, isolating high-risk processes like rendering, media, GPU, and networking.<ref>{{Cite web |title=The Security Architecture of the Chromium Browser |url=https://seclab.stanford.edu/websec/chromium/ |access-date=2024-06-06 |website=seclab.stanford.edu |archive-date=June 6, 2024 |archive-url=https://web.archive.org/web/20240606161407/https://seclab.stanford.edu/websec/chromium/ |url-status=live }}</ref> However, Firefox was slower to adopt this change. It wasn't until 2015 that Firefox started its Electrolysis (e10s) project to implement sandboxing across multiple components. This rewrite relied on [[Inter-process communication|interprocess communication]] using [[Chromium (web browser)|Chromium]]'s interprocess communication library and placed various component including the rendering component in its own sandbox.<ref>{{Cite web |date=26 November 2020 |title=Technical Overview of Multiprocess Firefox |url=https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Multiprocess_Firefox/Technical_overview |url-status=dead |archive-url=https://web.archive.org/web/20201126184717/https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Multiprocess_Firefox/Technical_overview |archive-date=26 November 2020 |access-date=6 June 2024 |website=Mozilla Developer Network}}</ref> Firefox released this rewrite in to beta in August 2016, noting a 10β20% increase in memory usage, which was lower than Chrome's at the time.<ref name=":0">{{Cite web |last=Callahan |first=Dan |date=2016-04-11 |title=The "Why" of Electrolysis |url=https://blog.mozilla.org/addons/2016/04/11/the-why-of-electrolysis |access-date=2024-06-06 |website=Mozilla Add-ons Community Blog |language=en-US |archive-date=June 6, 2024 |archive-url=https://web.archive.org/web/20240606161412/https://blog.mozilla.org/addons/2016/04/11/the-why-of-electrolysis/ |url-status=live }}</ref> However, the rewrite caused issues with their legacy extension API, which was not designed to work cross-process and required [[Shim (computing)|shim code]] to function correctly.<ref name=":0" /> After over a year in beta, the rewrite was enabled by default all users of Firefox in November 2017.<ref>{{Cite news |url=https://arstechnica.com/information-technology/2016/12/firefox-takes-the-next-step-towards-rolling-out-multi-process-to-everyone/ |title=Firefox takes the next step toward rolling out multi-process to everyone |last=Bright |first=Peter |date=December 21, 2016 |newspaper=Ars Technica |access-date=December 25, 2016 |archive-url=https://web.archive.org/web/20161224234423/http://arstechnica.com/information-technology/2016/12/firefox-takes-the-next-step-towards-rolling-out-multi-process-to-everyone/ |archive-date=December 24, 2016 |url-status=live}}</ref> In 2012, Mozilla launched a new project called [[Servo (software)|Servo]] to write a completely new and experimental browser engine utilizing [[Memory safety|memory safe]] techniques written in [[Rust (programming language)|Rust]].<ref>{{Cite news |last=Anderson |first=Tim |title=Mozilla will emit 'first version' of Servo-based Rust browser in June |url=https://www.theregister.com/2016/03/15/mozilla_to_release_first_version_of_servobased_browser_in_june/ |access-date=2024-06-07 |website=www.theregister.com |language=en |archive-date=June 7, 2024 |archive-url=https://web.archive.org/web/20240607050912/https://www.theregister.com/2016/03/15/mozilla_to_release_first_version_of_servobased_browser_in_june/ |url-status=live }}</ref> In 2018, Mozilla opted to integrate parts of the Servo project into the [[Gecko (software)|Gecko engine]] in a project codenamed the Quantum project.<ref>{{Cite web |title=Fearless Concurrency in Firefox Quantum {{!}} Rust Blog |url=https://blog.rust-lang.org/2017/11/14/Fearless-Concurrency-In-Firefox-Quantum.html |access-date=2024-06-07 |website=blog.rust-lang.org |language=en |archive-date=June 7, 2024 |archive-url=https://web.archive.org/web/20240607050912/https://blog.rust-lang.org/2017/11/14/Fearless-Concurrency-In-Firefox-Quantum.html |url-status=live }}</ref> The project completely overhauled Firefox's page rendering code resulting in performance and stability gains while also improving the security of existing components.<ref>{{Cite web |title=Entering the Quantum EraβHow Firefox got fast again and where it's going to get faster β Mozilla Hacks β the Web developer blog |url=https://hacks.mozilla.org/2017/11/entering-the-quantum-era-how-firefox-got-fast-again-and-where-its-going-to-get-faster |access-date=2024-06-07 |website=Mozilla Hacks β the Web developer blog |language=en-US}}</ref> Additionally, the older incompatible extension API was removed in favour of a WebExtension API that more closely resembled Google Chrome's extension system. This broke compatibility with older extensions but resulted in fewer vulnerabilities and a much more maintainable extension system.<ref>{{Cite web |last=Ellis |first=Cat |date=2017-11-14 |title=Firefox Quantum is here, and it wants to win you back |url=https://www.techradar.com/news/firefox-quantum-is-here-and-it-wants-to-win-you-back |access-date=2024-06-07 |website=TechRadar |language=en}}</ref> While the Servo project was intended to replace more parts of the Gecko Engine,<ref>{{Cite web |title=Firefox will get overhaul in bid to get you interested again |url=https://www.cnet.com/tech/services-and-software/firefox-mozilla-gets-overhaul-in-a-bid-to-get-you-interested-again/ |access-date=2024-06-07 |website=CNET |language=en |archive-date=July 14, 2022 |archive-url=https://web.archive.org/web/20220714172029/https://www.cnet.com/tech/services-and-software/firefox-mozilla-gets-overhaul-in-a-bid-to-get-you-interested-again/ |url-status=live }}</ref> this plan never came to fruition. In 2020, Mozilla laid off all developers on the Servo team transferring ownership of the project to the [[Linux Foundation]].<ref>{{Cite news |last=Proven |first=Liam |title=Rusty revenant Servo returns to render once more |url=https://www.theregister.com/2023/09/27/servo_returns/ |access-date=7 June 2024 |website=www.theregister.com |language=en |archive-date=June 7, 2024 |archive-url=https://web.archive.org/web/20240607050912/https://www.theregister.com/2023/09/27/servo_returns/ |url-status=live }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)