sandboxed tabs

[puppyX]

When browsing with multiple tabs open is each seperate tab sandboxed ? Usually when on banking site or ebay or amazon I tend to close all other tabs when signing in. (i've always had a healthy dose of paranoia when using and trusting secure sign ins)
I did search the site briefly but didn't find relevant info. Or didn't understand what has already been published.

[therube]

When browsing with multiple tabs open is each seperate tab sandboxed ?
No, not at all.


You could set up a separate Profile, that you would open/use specifically for your bank/amazon...


There is Private Browsing, but that again is different.

[Moonchild]

To prevent misinformation (thanks therube ) I need to provide more details here.

While tabs aren't sandboxed in what people usually mean these days with it, i.e. a separate process or completely isolated environment with only temporary storage, it is the case that each tab uses its own strictly separate memory and document space and container, and there is no cross-tab information exchange possible. The only data that can be exchanged between tabs is data going through standardized storage of information like cookies and similar controlled data storage.
It should be obvious that strict compartmentalization of tabs is an absolute requirement for a multi-document browser or there would be all sorts of risks having multiple tabs open.

Usually when on banking site or ebay or amazon I tend to close all other tabs when signing in.

There is no need to do this, at all. Tabs cannot access or monitor anything that happens in other tabs.

[puppyX]

That clears it up for me. Thanks.

[New Tobin Paradigm]

Mozilla had to break it's tried and true internal security to do sandboxing and e10s with interprocess communication. This has left the Mozilla of today with weak internal security and the sandbox leaks like a sieve and constantly has sec issues focused at it along with the WebEx impl. Indeed, the very thing that we don't allow by design is actually something Mozilla is trying to introduce on top of everything else that has gone wrong over there.. And of course more holes in any remaining old style security and their new sandbox needs to be punched to accomplish this.

SO.. IF they are STRICTLY talking about the state of their own old style security today VS their new shit.. It MIGHT be "better" from the perspective that they have broken the old security and at that specific moment they have resolved some major issues in their NEW security. But it is all manipulative and indeed transitory. They have to keep punching holes in it so the feature of the day works and their old style security isn't compatible with it at all.. because what they are doing now is ill-advised at best and stupid insane at worse.

HOWEVER, if they say their new sandbox and security model is superior to US.. Well they are just outright lying or talking out their ass because they likely never understood how the older but intact model worked because the people who wrote it have long since been purged. Or both.

Bottom line is.. At any given point over a protracted period of time they are either breaking security or fixing security. While we... We just stay secure.

[moonbat]

There was major butthurt over there when Pale Moon was found to be immune to the Spectre bug thanks to having gotten rid of high precision Javascript timers that made it possible much earlier.

And they'll go on about 'iT's jUSt a fOrK so it's obsolete'. Well so is Firefox itself a fork of Netscape 6 circa 2002 but no one's comparing them now are they?

[New Tobin Paradigm]

As a matter of absolute history, Firefox is strictly NOT a fork of Netscape but the UI was built from carefully chosen chunks of code that made up navigator.xul which wasn't much my research has shown plus whatever was shared in the pre-platform "Mozilla Project".

[Moonchild]

iT's jUSt a fOrK so it's obsolete

That statement in itself is wrong. If you don't understand why then you need to learn what a fork is.

[moonbat]

That statement in itself is wrong. If you don't understand why then you need to learn what a fork is.

I know what it is, these guys seem to think fork means 'frozen snapshot of code at a given point', hence the snarky reference to Netscape.

Off-topic:
I was reading about containers that they've implemented - so you can have a tab with its own isolated set of cookies and storage. Does this have anything to do with e10s? There's a Multi-Account Container extension on CAA that I installed, but it doesn't show up anywhere in the UI or customize toolbar window.
Seems like a good extension to have - you could be logged into the same website with 2 different accounts without having to use a different browser altogether, or use Facebook in its own isolated environment so it can't track what you're doing elsewhere.

[doofy]

Seems like a good extension to have - you could be logged into the same website with 2 different accounts without having to use a different browser altogether, or use Facebook in its own isolated environment so it can't track what you're doing elsewhere.

The first half of your statement is correct.
I don't see how the second half can be.

[Moonchild]

No, those "containers" have nothing to do with what I talked about. Their containers are "identity containers" not document containers. Same word, different thing.

[John connor]

If you're interested in sandboxing then check out the now freeware Sandboxie. I use this all the time with my browser in lieu of running very cumbersome, page breaking NoScript. And I was a total NoScript fan and donated all the time. I considered it a literal gate in front of your anti-virus. Sandboxie will help keep polymorphic malware at bay and anything else from sticking on your computer or in your profile depending on how you set it all up. For me, I have Sandboxie setup to only allow Pale Moon to hard modify certain files like the the pref.js file or bookmarks, dictionary, etc. To do that you have to block all PM access and hand add each and every excluded path allowed for PM to use. When I close my browser no cookie or cache nor HTML5 crap remains. And I verify that periodically with a shortcut to my PM profile folder on my desktop. I watch which files were changed.

Since Sandboxie is now freeware, you can now sandbox what ever you want. Even PM portable for certain sensitive stuff, etc. I now Sandbox Thunderbird, and the Tor browser. I could sandbox Chrome and Firefox portable which I like to keep on hand for testing or when websites refuse to work with PM.

[moonbat]

If you're interested in sandboxing then check out the now freeware Sandboxie.

I'm on Linux, unfortunately
And with 4GB RAM, no way am I going to be able to use any regular VMWare or Virtualbox or similar.

[John connor]

If Linux is your thing then you might be interested in the Qubes OS. But you need to read what hardware will work with its features. And not all computers will support all of the features at once. So you want a laptop or motherboard that supports most of it. If you try it on hardware that isn't listed, then be sure to report back your findings.