Mozilla developers who spent several days this week with the Windows Vista team at Microsoft's Redmond, Wash., campus said that they're considering supporting a security feature of the upcoming OS to better protect future versions of Firefox from attack.
Low Integrity Mode, which is part of the Vista User Account Control (UAC) technologies that are meant to make it more difficult for attackers to install their code on PCs, is similar to "sandbox" techniques that wall off an application from the rest of the operating system. By reducing the browser's rights, Low Integrity Mode prevents a compromised or vulnerable application from making changes to the OS or other apps. Internet Explorer 7 in Vista will make use of Low Integrity Mode as part of what Microsoft calls "Protected Mode."
"We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level," wrote Vukićević on his blog. "I have some ideas on how we could do this in a cross-platform way, taking advantage of UAC on Vista, and dropping privileges on Linux/Mac OS."
Vukićević said that Mozilla's developers will consider whether this is possible for the next major version of Firefox, v. 3.0, which is currently on the planning board for a 2007 release. "I think that it would force us to evaluate exactly where the browser touches the rest of the system, and to figure out how to tighten the security around those interactions," he added.
Even before the three-day confab in Redmond, Mozilla was talking about beefing up Firefox security. In an interview last month, Window Snyder, the new head of security at Mozilla, said that the company would look for Firefox to "have fewer entry points into the system."
"Implementing this is very much a mitigation to reduce the impact of vulnerabilities rather than reducing the vulnerabilities themselves," said Vukićević. "But that's a pretty important goal."