vax_2d ago

Hi @GrapheneOS, Can I ask a question?
I know that at the privacy and security communities, many people recommends to stay of off Firefox because it lacks site isolation (also saw the statement at your usage page under web browsing). In my understanding, last year Mozilla rolled out their fission feature, which introduce said site isolation, for their android version. I noticed for example that IronFox ships with it turned on by default. So, based on this, in your opinion are Firefox based browsers now as usable as a chromium based browser security wise?

Thanks.

By the way, bought a Pixel 10 pro specifically to use GrapheneOS. It's been great so far. Thanks for your hard work; it's nice to see people as passionate about their line of work as you!

Show threadGrapheneOS
@vax_ Firefox entirely lacks process sandboxing on Android. Firefox rolled out incomplete site isolation providing protection against data being leaked via side channels through not having it in-process. It does not implement sandboxing site isolation required to protect against more than side channels. It doesn't have sandboxing so it can't protect against anything once a remote code execution exploit occurs. It also lacks similar JavaScript VM sandboxing and many other important protections.
Mar 24 at 5:56amWeb
Show threadNobleCookie2d ago
@GrapheneOS @vax_ Does the tor browser have similar problems? I know it is mostly for anonymity so sandboxing site isolation might not be 100% necessary!?