Firefox and Chromium Security

Chromium is far more secure than Firefox. Firefox's sandboxing and exploit mitigations are poorer than Chromium's by a large degree.

Firefox's sandboxing lacks any site isolation; Project Fission is still a WIP. The sandbox is currently focused only on isolating the browser as a whole from the rest of the OS, and even that is quite poor. Site isolation aside, only the Firefox sandbox on Windows is similar to Chromium's, and even then it lacks win32k lockdown.

The sandboxing on other platforms is very insecure, and the Linux sandbox can hardly be called a sandbox at all, as there are plenty of trivial escapes such as the X11 server (this is also a five-year-old critical issue). The issues with the Linux sandbox go far beyond X11. One example is that there is no GPU process sandboxing. Another is that the seccomp filter is weaker: there is barely any ioctl filtering (only tty ioctls are blocked), and there are many more issues.
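To make the ioctl point concrete, the following added example (not code from Firefox, Chromium, or this page) simulates how the kernel evaluates a seccomp-bpf program against a `struct seccomp_data` record, and compares two filter strategies: a filter that blocks only a couple of tty requests, and one that permits only an explicit allowlist of request numbers. No filter is installed; the BPF programs are run by a small interpreter over constructed syscall records. The tty request numbers, the x86-64 syscall number, and the audit arch value are the standard Linux constants; `DRM_IOCTL_VERSION` is computed from the `_IOWR` layout and serves only as an example of a non-tty request.

```python
"""Simulate seccomp-bpf ioctl filtering: a tty-only denylist versus a request allowlist.

Added illustration, not browser code. It evaluates classic BPF programs against
constructed struct seccomp_data records the way the kernel would, so the two filter
strategies can be compared offline without installing any filter.
"""
import struct

# Classic BPF opcodes (linux/bpf_common.h); only the three this example needs.
BPF_LD_W_ABS = 0x20   # A = 32-bit word at absolute offset k in seccomp_data
BPF_JMP_JEQ_K = 0x15  # if A == k: pc += jt else pc += jf
BPF_RET_K = 0x06      # return k as the filter verdict

# seccomp return actions (linux/seccomp.h); low 16 bits of RET_ERRNO carry the errno.
SECCOMP_RET_KILL_PROCESS = 0x80000000
SECCOMP_RET_ERRNO = 0x00050000
SECCOMP_RET_ALLOW = 0x7FFF0000
EPERM = 1

# struct seccomp_data { int nr; __u32 arch; __u64 instruction_pointer; __u64 args[6]; }
OFF_NR, OFF_ARCH = 0, 4
OFF_ARG1_LO, OFF_ARG1_HI = 24, 28   # low and high words of args[1] (little-endian)
AUDIT_ARCH_X86_64 = 0xC000003E
SYS_ioctl_x86_64 = 16

# tty ioctl request numbers from asm-generic/ioctls.h.
TCGETS, TCSETS, TIOCSTI, TIOCGWINSZ, FIONREAD = 0x5401, 0x5402, 0x5412, 0x5413, 0x541B

def _iowr(typ, nr, size):
    """_IOC(dir=3 (read|write), type, nr, size) from asm-generic/ioctl.h."""
    return (3 << 30) | (size << 16) | (typ << 8) | nr

# A non-tty request used as the "anything else" case (0xC0406400 on x86-64).
DRM_IOCTL_VERSION = _iowr(ord('d'), 0x00, 0x40)

def ld(off):          return (BPF_LD_W_ABS, 0, 0, off)
def jeq(k, jt, jf=0): return (BPF_JMP_JEQ_K, jt, jf, k)
def ret(action):      return (BPF_RET_K, 0, 0, action)

def _prologue():
    """Kill on an unexpected arch; allow any non-ioctl syscall (other rules omitted here)."""
    return [ld(OFF_ARCH), jeq(AUDIT_ARCH_X86_64, 1), ret(SECCOMP_RET_KILL_PROCESS),
            ld(OFF_NR), jeq(SYS_ioctl_x86_64, 1), ret(SECCOMP_RET_ALLOW)]

def _jeq_chain(values, on_match, otherwise):
    """Each JEQ jumps to RET(on_match); falling through all of them reaches RET(otherwise)."""
    n = len(values)
    return [jeq(v, n - i) for i, v in enumerate(values)] + [ret(otherwise), ret(on_match)]

def tty_denylist_filter():
    """Weak strategy: block a couple of tty requests and let every other ioctl through."""
    denied = [TCSETS, TIOCSTI]
    return _prologue() + [ld(OFF_ARG1_LO)] + \
        _jeq_chain(denied, SECCOMP_RET_ERRNO | EPERM, SECCOMP_RET_ALLOW)

def ioctl_allowlist_filter():
    """Stronger strategy: permit only named requests; the high word of args[1] must be zero."""
    allowed = [TCGETS, TIOCGWINSZ, FIONREAD]
    return _prologue() + [ld(OFF_ARG1_HI), jeq(0, 1), ret(SECCOMP_RET_ERRNO | EPERM),
                          ld(OFF_ARG1_LO)] + \
        _jeq_chain(allowed, SECCOMP_RET_ALLOW, SECCOMP_RET_ERRNO | EPERM)

def evaluate(prog, nr, arch, args):
    """Run a BPF program over one constructed seccomp_data record and return the verdict."""
    args = list(args) + [0] * (6 - len(args))
    data = struct.pack('<iIQ6Q', nr, arch, 0, *args)
    acc, pc = 0, 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        pc += 1
        if code == BPF_LD_W_ABS:
            acc = struct.unpack_from('<I', data, k)[0]
        elif code == BPF_JMP_JEQ_K:
            pc += jt if acc == k else jf
        elif code == BPF_RET_K:
            return k
        else:
            raise ValueError("unsupported opcode 0x%02x" % code)
    raise RuntimeError("filter fell off the end of the program")

def describe(verdict):
    """Human-readable verdict: ALLOW, ERRNO(n) or KILL."""
    if verdict == SECCOMP_RET_ALLOW:
        return "ALLOW"
    if (verdict & 0xFFFF0000) == SECCOMP_RET_ERRNO:
        return "ERRNO(%d)" % (verdict & 0xFFFF)
    return "KILL"

def compare(requests):
    """Map each (name, request) to the (denylist, allowlist) verdicts for ioctl(fd=3, request)."""
    out = {}
    for name, req in requests:
        record = (SYS_ioctl_x86_64, AUDIT_ARCH_X86_64, [3, req])
        out[name] = (describe(evaluate(tty_denylist_filter(), *record)),
                     describe(evaluate(ioctl_allowlist_filter(), *record)))
    return out

if __name__ == "__main__":
    samples = [("TCGETS", TCGETS), ("TIOCSTI", TIOCSTI), ("DRM_IOCTL_VERSION", DRM_IOCTL_VERSION)]
    for name, (deny, allow) in compare(samples).items():
        print("%-18s denylist=%-9s allowlist=%s" % (name, deny, allow))
```

The denylist stops TIOCSTI but waves the DRM request through, which is the gap the paragraph above describes: anything not explicitly named is reachable. The allowlist rejects it, and it also checks the high word of `args[1]`, because a filter that compares only the low 32 bits of a 64-bit argument can be bypassed by a request value with extra high bits set.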

On Android, Firefox does not have a sandbox at all beyond the OS app sandbox, unlike Chromium, which uses the isolatedProcess feature.

Firefox also lacks important exploit mitigations that Chromium has, such as a hardened memory allocator (mozjemalloc is just a few security features tacked on to jemalloc, which is inherently exploitation-friendly and is nothing like a hardened memory allocator), Control-Flow Integrity, JIT hardening, ACG, CIG and many more. You can look through Bugzilla for more examples.

Firefox does have some parts written in Rust, a memory-safe language, but the majority of the browser is still written in memory-unsafe languages, so this isn't anything substantial, and Chromium is working on switching to memory-safe languages too.

Firefox also uses RLBox, but this is only used to sandbox a single library, Graphite, and again is not anything substantial.

Just look at what security experts have to say about Firefox.
