Firefox and Chromium Security

Chromium is far more secure than Firefox. Firefox's sandboxing and exploit mitigations are poorer than Chromium's by a large degree.

Firefox's sandboxing lacks any site isolation. It's only focused on isolating the browser as a whole from the rest of the OS and even that is quite poor. Excluding the issue of site isolation, only the Firefox sandbox on Windows is similar to Chromium's but even then, it lacks win32k lockdown. The sandboxing on other platforms is very insecure and the Linux sandbox can hardly be called a sandbox at all as there are plenty of trivial escapes such as the X11 server (this is also a 5 year old, critical issue). On Android, Firefox does not have a sandbox at all beyond the OS app sandbox unlike Chromium which uses the isolatedProcess feature.

Firefox lacks important exploit mitigations that Chromium has such as a hardened memory allocator (mozjemalloc is just a few security features tacked on to jemalloc which is inherently exploitation-friendly and is not similar to a hardened memory allocator), Control-Flow Integrity, JIT hardening, ACG, CIG and many more.

Just look at what security experts have to say about Firefox.

Go back