
I wonder if Firefox will remain the only browser out there without a process sandbox. It's still the most vulnerable browser because of that:

http://www.extremetech.com/computing/178587-firefox-is-still...



We were talking about this yesterday. I asked how many of the previous issues we classified as a security problem would have been mitigated by a sandbox, and the conclusion would be that it would not even cover the majority.

Most of the security issues we encounter are with bugs in the driver. A common bug, for example with the Intel Mac driver, is that when allocating a valid large texture, the texture will sometimes instead be filled with old GPU memory[1]. Then you can glReadPixel the data and reconstruct parts of the desktop windows or tabs. A sandbox isn't going to stop you from exploiting this kind of buggy driver if it incorrectly starts returning other people's data when you are asking for unrelated valid commands.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=631258


I thought webgl didn't have glreadpixels?



It is coming soon. Firefox Nightly has it as an option, and according to this it's supposed to be an option in Firefox 30. I'm not sure when it will be turned on by default though:

https://wiki.mozilla.org/Electrolysis


Electrolysis is NOT sandboxing, full stop.


To cite the wiki: "sandboxing the content processes is a separate project from Electrolysis". So Electrolysis lays the foundation for sandboxing.


It's true. It won't provide anything on its own, so I'm trying to be blunt to kill this misconception that keeps spreading.


I know Servo is currently a research project, but maybe Mozilla's plan is to get a process sandbox from it?

"... The [Servo] engine processes will use the operating system sandboxing facilities to restrict access to system resources."

https://github.com/mozilla/servo/wiki/Design



