
What’s Next for Multi-Process Firefox - cpeterso
https://blog.mozilla.org/futurereleases/2016/08/02/whats-next-for-multi-process-firefox/
======
sharmi
I feel like my case is an anomaly compared to others on this thread, but this
has been a consistent experience for me.

I hoard tabs and easily reach 40 tabs in a single session. It is typical to
have 60-100 tabs open at any point in time. I find that firefox handles this
much better than chrome does. Any time the tab count exceeds 15 or so in
Chrome, my whole system slows down and freezes. I am forced to close some tabs
and restart chrome to get some sanity. Often system reboot is the only option.

In firefox the same system slowdown happens, but rarer than chrome, usually I
have nearly 200 tabs open and running for a long time. In such cases, I just
have to restart firefox. Firefox presents me with the restore window which is
a much saner way to select only the tabs I want. Even in that case, when I
restore, it does not load all the tabs, only the active ones, so it does not
impact system performance.

The only time firefox becomes slow even on startup is when I have restore
windows several levels deep (yes, there is such a thing :) ) and I believe I
am wholly responsible for that and not firefox.

So it really surprises me when people say Chrome is more performant.

Also, maybe because of familiarity, I find firefox Developer Tools more usable
than Chrome's. But what do I know? I am a server side person dabbling in UI
for my personal projects, not a web designer :)

I dread Firefox following the footsteps of Chrome!

Oh, and not to mention the scores of chrome processes that pollute the process
list!

When I run the `ps` command or the `top` command, it is difficult to locate
the process that I am actually looking for. Also, it is much, much harder to
estimate how much memory and processor time Chrome is really consuming when
there are so many processes of Chrome running. Maybe I am doing it wrong.
Someone please enlighten me.

~~~
bad_user
I keep switching between Firefox and Chrome. I want to be using Firefox,
except I cannot.

Chrome is designed for web apps. If you keep several apps open in Firefox,
like say Gmail, FastMail, Slack, Gitter, Facebook Messenger, WhatsApp Web and
Google Music or YouTube, pretty soon Firefox ends up being really, really
sluggish. And I keep these apps pinned, and the startup experience for Firefox
gets horrible.

Firefox also has problems with many services, where loading a single link can
make your whole browser unresponsive for a long time or even crash it. To see
what I mean, load this Travis log in Firefox and compare with Chrome:
[https://travis-ci.org/monixio/monix/builds/148774867](https://travis-ci.org/monixio/monix/builds/148774867);
and this is just one sample, there
are others that bother me, like the OpenTSDB UI. Personally I don't keep 200
tabs open, because I'm focusing on just a few at a time. If I want to go back
to something valuable, I use bookmarks (or more recently Pinboard.in). This is
because tabs are hard to manage and search, unless you have one of those fancy
extensions, but I dislike those as well.

On add-ons, I very much appreciate Mozilla having a good review process, but
those add-ons have no isolation and everything is allowed to run even in
private mode.

The fact is, if I can't comfortably run my web apps in Firefox, I'll keep
going back to Chrome. And yes I keep trying using native apps, like
Thunderbird and Adium/Pidgin. It isn't working out.

~~~
ploxiln
Notice also that the Raw Log loads instantly and is very responsive, in the
same Firefox that struggles so much with the fancy travis log page.

I think it is unfortunate that insanely heavy web applications, which can
kinda get away with it in Chrome, are forcing everyone to Chrome.

~~~
tracker1
It's hard... though, if you work in a mixed environment where different devs
use different browsers, some things are better.

Just the same, it's hard to convince people not to bring in the jungle for the
banana (appropriated analogy). With today's tooling, it's very easy to use
smaller frameworks, and piece together what you need.. but in goes angular,
jQuery, lodash and a few other large libraries for good measure. About the
only one I'm guilty of bringing in these days is moment... and most of that is
because the internals for Date are poorly lacking (maybe it's time to
standardize some non-mutating, moment-like ES extensions to Date already).

~~~
lcarlson
Ugh I just had this debate recently about moment. I opted out of using it as I
felt it was just too big for its use case.

------
joaomsa
Looking at [https://areweslimyet.com](https://areweslimyet.com) it looks like
memory consumption has been on a slight upward trend. Are these tests
conducted with e10s or should we expect a massive increase?

As one of those pathological users that often keeps 50+ tabs open (somewhat
manageable with the tabgroups addon), I'd hate to see one of the principal
Firefox advantages go away.

~~~
Perseids
I'm also one of the heavy tab users (though even more on the high end: I
routinely close hundreds of tabs when I tidy up my browser) and I can
wholeheartedly recommend the Tree Style Tab extension [1]. It automatically
orders your tabs in a child-parent-relationship in a side-bar on the side of
your screen, which is invaluable, when you e.g. search for a product on Amazon
and have all of the competing products open in child-tabs below your search
parent-tab. For Hackernews, I have the front page as parent tab, the
discussion pages as children and all the links in the discussion as
grandchildren, which neatly orders each context together.

[1] [https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...](https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/)

~~~
forgotpwtomain
What do you use for session management / syncing? I've found that the Chrome
Session Buddy extension is highly preferable to the Firefox Session Manager.
Why something so crucial is a hobbyist project on both ends and not
internalized by the respective companies - I still wonder myself.

~~~
newscracker
For session management (not sync), Session Manager [1] is an excellent
extension. It's compatible with Tab Mix Plus, and I use it all the time.

[1]: [https://addons.mozilla.org/firefox/addon/session-manager/](https://addons.mozilla.org/firefox/addon/session-manager/)

------
eagsalazar2
Firefox is always fighting an uphill battle against IE and Chrome who have
major advantages in both resources and integration with their respective
platforms.

Firefox thrived and grew in an environment where competitors were terrible.
They lost the lead to Chrome and unless google really drops the ball I don't
see how they can get it back by just being better. They'd have to dramatically
leapfrog the competition in a very compelling way and since both MS and Google
are investing heavily in their browsers, it isn't clear to me how they could
ever do that.

~~~
eru
Actually, on Android Firefox works much better than Chrome exactly because
they are independent.

Mobile Firefox allows extensions, crucially adblockers. I don't think mobile
Chrome will allow those anytime soon.

~~~
Twirrim
The original release was pretty bad, and I ignored it from then on until a
couple of weeks ago when I gave it another shot. It's so far superior to
Chrome on Android, even _without_ extensions like Adblock. That extension
really does add value though, especially with the reduction in power demands.

~~~
tracker1
Agreed, running so much better than a few months ago when I last tried...
Lastpass can now at least see the website I'm on, if they can get form filling
worked out, I'd be very happy. uBlock origin seems to be working well now
too...

~~~
tracker1
grr... can't click into a textarea to edit existing text... :-( back to
chrome.

------
forgotpwtomain
This probably isn't a direct response - but I've been thinking about it for a
while. In my mind there are a few major reasons that Firefox is losing market
share to Google Chrome.

1) Performance

These might be select regressions (Google Maps, Slack - so I'll skip the
bugzilla references), but every time a user has to open Slack or Google Maps
or Google Docs in Chrome, they are that much more likely to switch from
Firefox (ultimately due to Sync issues: bookmarks, history) it just makes so
much sense to use a single browser.

2) Developer Tools

I don't know how it is now, but half a year ago when I tried to switch to
Firefox Developer tools (again for the Nth time) it would take 2-4 seconds for
the console to open. Comparatively Chrome Dev tools opened < .5. As a result
even trying to use Firefox for everything else, I still end up in Chromium
almost daily.

3) Sync/Mobile

Using Google Chrome has distinct advantages when syncing with an Android
device and other Google services (performance issues aside) - most of the
things that I considered to be an advantage in Firefox mobile (the top button
with <number-of-tabs> for tab switching) Chrome has actually copied.

Minor point - I'm almost sure there is some somewhat underhanded user-memory
choice (it's just too smart and annoying to be a bug) - because as someone
that is often in foreign countries my Firefox (where I am signed into Gmail
btw) always tends to give search results in the native language search, while
Chromium (where I'm not signed into anything displays English ones).

Over all I really think Mozilla should focus on getting an advantage on 3) --
I don't think Google and definitely not _pocket_ (which I wish they would
unbundle from Firefox) provide a good service for syncing information /
personal links / knowledge. There was a browser concept that floated by HN
some time ago allowing users to organize their tabs into sessions / subjects -
that could be great! (e.g. check a button to sync only my places/people/events
window to my phone and leave my work stuff out).

~~~
ams6110
> Performance

I use Firefox about 80% of the time. I use Chrome for a few sites I need for
work that still use Flash.

I really don't notice this performance issue. I don't use Slack, but do use
Google Maps, Google Drive/Docs/Sheets and Gmail and it's all just fine in
Firefox from my perspective.

I tend to not keep large numbers of tabs open (just habit more than anything)
so that may be part of it. E.g. 10 tabs would be _a lot_ for me.

I also don't sync settings. In fact I have no settings: I have firefox set to
basically dump everything (cache, history) upon exit.

~~~
HelloImDumb
It's been my experience over the past couple of years dealing with ugly web-
apps that abuse JS, have huge DOMs, thousands of tiny images etc., that such
abominations (hacks) will run reasonably well on Chrome while verging on
unusable in Firefox. This is from someone who was ideologically wedded to
Mozilla for years, and more or less refused to use IE regardless of how good
it got; I switch to Chrome basically solely on the basis of performance;
secondarily the strength of dev tools and the impressive security model.

It's freaking sad that Firefox is stumbling out multi-process in 2016. This
has plainly been the way to go for years. Multithreading is a disaster, it's
just not a workable model for browser-scale applications.

But hey, if they could recover Firefox from the ashes of the bloated disaster
that Mozilla Suite became, I have hope that the community can catch up
eventually. Maybe.

~~~
pcwalton
> Multithreading is a disaster, it's just not a workable model for browser-
> scale applications.

All browsers, Chrome as much as any other, are heavily multithreaded, so this
is clearly untrue.

~~~
HelloImDumb
Ok, you got me. What I said was nonsense, taken literally, I was being lazy;
you're right, Chrome's heavily multithreaded too. But, there is process-level
separation both between tabs/browser contexts with information of differing
security sensitivity, and between nasty stuff like parsing and rendering
versus basic UI etc. All the good defense-in-depth sandboxing that others have
alluded to, that is the stuff of many papers.

------
thesimp
Whoa! Firefox 48 opens the Windows proxy settings now! That is not good. I
especially use Firefox so that in a corporate environment I can use different
proxy settings than IE.

~~~
joaomsa
Was in the same corporate boat as you a while back. The FoxyProxy addon [1] is
much more flexible, I recommend you switch to that since it enables quick
toggling between the IE proxy and your configured ones.

[1] [https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-sta...](https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/)

~~~
semi-extrinsic
FoxyProxy also lets you set different proxies for different pages. So you can
run one proxy to be able to access the corporate intranet from outside, and
another to access a non-public testing webpage, etc.

------
ryuuchin
Moving to a multi-process architecture has a number of benefits but security
is certainly one of them.

While currently it doesn't really add anything from a security perspective the
ability to run rendering in a separate process will allow it to very naturally
support a number of operating system mitigations that it otherwise would not
have in addition to adding restrictions on the process itself (sandboxing).

I believe this will allow Firefox to start to adapt to a more defense in depth
philosophy although I admit it's probably still a long way to actually getting
there. There's no getting around the fact that security in Firefox has been
rather stale but e10s gives something to look forward to since the multi-
process architecture allows you to do so much more for defense in depth.

~~~
revelation
Honestly, I can't really come up with one reason that would make a multi-
process Firefox more secure than a single-process one.

The multi-process trend is sold as "crash-proof" which reads like "can't fix
exception handling".

~~~
gcp
With multiple processes you can apply more strict OS controls to one of the
processes. That doesn't work with threads.

~~~
revelation
Which are ...?

See the problem is always local code execution. Once you have that, it's over.
There are real mitigations (W^X, ASLR, stack cookies) and then there seems to
be lore ("multi-process", "sandboxing").

~~~
drdaeman
> Which are ...?

seccomp.

Local code execution doesn't mean a thing (except for wasted CPU cycles and/or
memory) if number of syscalls the process can do is limited to the bare
minimum.
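
The point made in the comments above (a separate process can be put under OS controls such as seccomp that limit which syscalls it may make), as an added example that is not part of the original thread. It assumes Linux; `run_sandboxed`, the `outcome` enum and the path passed to `open()` are hypothetical names chosen for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

enum outcome {
    EXITED_CLEAN,        /* child stayed within read/write/exit */
    KILLED_BY_KERNEL,    /* child made a forbidden syscall and got SIGKILL */
    SECCOMP_UNAVAILABLE, /* kernel or an outer sandbox refused strict mode */
    UNEXPECTED
};

#define NO_SECCOMP_EXIT 42

/* Fork a "content" child, lock it into seccomp strict mode, and report
 * what happened to it. Only the child is restricted; the parent keeps
 * its full syscall surface, which is the point of splitting processes. */
enum outcome run_sandboxed(int misbehave, char *reply, size_t reply_len)
{
    int fds[2];
    if (pipe(fds) != 0)
        return UNEXPECTED;

    pid_t pid = fork();
    if (pid < 0)
        return UNEXPECTED;

    if (pid == 0) {
        /* All setup that needs other syscalls happens before lockdown. */
        close(fds[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(NO_SECCOMP_EXIT);

        /* From here on only read, write, exit and sigreturn are allowed. */
        static const char msg[] = "rendered";
        ssize_t w = write(fds[1], msg, sizeof msg - 1);
        (void)w;

        if (misbehave) {
            /* Stand-in for injected code trying to reach the filesystem:
             * the open syscall is not on the list, so the kernel sends
             * SIGKILL before it runs. */
            int fd = open("/etc/hostname", O_RDONLY);
            (void)fd;
        }
        /* _exit() uses exit_group, which strict mode forbids; the plain
         * exit syscall is the permitted way out. */
        syscall(SYS_exit, 0);
    }

    close(fds[1]);
    ssize_t n = read(fds[0], reply, reply_len - 1);
    reply[n > 0 ? n : 0] = '\0';
    close(fds[0]);

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return UNEXPECTED;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return KILLED_BY_KERNEL;
    if (WIFEXITED(status) && WEXITSTATUS(status) == NO_SECCOMP_EXIT)
        return SECCOMP_UNAVAILABLE;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return EXITED_CLEAN;
    return UNEXPECTED;
}

int main(void)
{
    static const char *names[] = {
        "exited cleanly", "killed by kernel (SIGKILL)",
        "seccomp unavailable", "unexpected"
    };
    char reply[32];
    for (int misbehave = 0; misbehave <= 1; misbehave++) {
        enum outcome o = run_sandboxed(misbehave, reply, sizeof reply);
        printf("misbehave=%d reply=\"%s\" -> %s\n", misbehave, reply, names[o]);
    }
    return 0;
}
```

Real browser sandboxes use seccomp filter mode with a per-syscall policy rather than strict mode; strict mode is used here because it shows the same kernel enforcement in a few lines.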

~~~
ryuuchin
And the Windows equivalent (win32k lockdown)[1]. This restricts a number of
win32k syscalls including all GDI ones. Chrome already uses this mitigation
for renderer processes and has support for PPAPI plugin processes on their
dev/beta channels.

[1] [https://msdn.microsoft.com/en-us/library/windows/desktop/hh8...](https://msdn.microsoft.com/en-us/library/windows/desktop/hh871472\(v=vs.85\).aspx)

------
dagaci
It's quite shocking to think how we used to get by with such little amounts of
RAM and CPU power. Firefox is currently consuming 518.4 MB of RAM (7 tabs) and
using 0.6% of a 12 core 3.4 GHz CPU. But I guess this is progress...

~~~
dblohm7
We also didn't used to have nice things like JITs and hardware accelerated
graphics.

~~~
MichaelGG
We didn't need them, since websites rendered just fine without all the shit
they have today.

I used a site that rendered a grid of images. Literally, that was the only
user-visible function. It took 5s to render when throttled to 1GHz i5.
Unthrottled i5 required 2.5s.

It is lunacy. It is an artifact of having a terrible language (JS) and a
terrible layout system (HTML) mixed up into a modern "standard". Plus naive
developers abstracting so far away they have no idea what's going on, and
partially don't care.

Wasn't too long ago someone asked (I think unironically) why HN was so "fast".
As if such a page shouldn't load basically instantly.

Can you honestly say info browsing (not apps like GDocs) overall is better
than it was 10-20 years ago? Ignore the increase in content. Images load
faster, sure, but that's offset by all the other junk. Twitter, for instance -
it's actually sluggish on a nice ThinkPad! WTF.

~~~
pcwalton
HTML isn't a layout system.

And yeah, of course a grid of images is going to be fast, especially if they
aren't even scaled. It's literally just a blit. What gets expensive is when
you add bilinear filtering, alpha compositing, text, shadows with blur, path
filling and/or tessellation...

All of those things are things people now expect from apps, native or
otherwise.

~~~
MichaelGG
There weren't any fancy shadows, compositing, etc. The CPU was all spent
calculating layouts and doing "stuff", before the images even rendered. My
guess is some suboptimal code buried by a kilometre's worth of abstractions.
It's not that FF is doing something slow (that I know of), it's the mess
people have built on top of HTML/JS/CSS that ends up with non-junior
developers creating monstrosities.

------
binaryanomaly
Multi-Process or not 48 definitely feels a lot faster here! Looking forward to
more...

~~~
mhurron
I forced e10s on 47, and it's still enabled in 48. In both I see random
beachballs (OS X) hitting refresh in one tab and moving to another, and
sometimes spinning wheels trying to navigate to a new tab.

I don't think there are any real performance improvements in 48 other than the
improvement you'll get from restarting a long running process.

~~~
bwat48
Have you tried with addons disabled? Your experience with E10s largely
revolves around which addons you're using.

Some addons use compatibility shims with multi-process and this can
significantly harm performance in some cases (even potentially making it worse
than e10s disabled).

This site is useful regarding the addon compatibility:
[http://arewee10syet.com/](http://arewee10syet.com/)

------
gosukiwi
I wonder where Rust and servo fit here. Will they be able to "swap" some parts
of Firefox with others written in Rust?

~~~
mastax
There are already bits of Rust code in newer builds of firefox, I think
they'll ship first in 47 or 48.
[https://wiki.mozilla.org/Oxidation](https://wiki.mozilla.org/Oxidation)

Servo is a fantastic research project but it will be a while before it is
"production ready".

~~~
steveklabnik
Ships on all platforms today.
[https://www.mozilla.org/en-US/firefox/48.0/releasenotes/](https://www.mozilla.org/en-US/firefox/48.0/releasenotes/)

------
peterwwillis
I'm waiting for someone to fork Firefox and strip out anything not totally
necessary to strictly browse 99% of the web, to make it light, fast, simple
and memory-efficient. They could even rename it something familiar...
something that envisions lightness and speed... like "Fire Bird".... Or better
yet, "Phoenix"!

~~~
anthk
That's SeaMonkey, and paradoxically, it's the old _full_ Mozilla suite pre
Phoenix but with current features, and is much faster than Firefox.

~~~
yoasif_
I love Seamonkey (I have to reinstall it on this machine as I haven't used it
in a while), but it's also behind the Firefox dev cycle and doesn't offer the
same level of extension coverage that Firefox does.

It'd certainly be very interesting if they could maintain the latest browser
fixes (even with less extension compatibility), but I doubt the team has the
bandwidth to keep that up.

Just installed it. It doesn't support High DPI displays on Mac OS X.
Unfortunately, that's a bit of a blocker for modern Mac laptops (everything
looks fuzzy).

~~~
anthk
Report a bug, or look at about:config settings.

[https://fedoramagazine.org/how-to-get-firefox-looking-right-...](https://fedoramagazine.org/how-to-get-firefox-looking-right-on-a-high-dpi-display-and-fedora/)

apply those to seamonkey.

------
kodablah
Can anyone comment on what the future is for single-process FF? Will it remain
the default for a long time to come, be behind a feature flag, or will it be
unsupported like `--single-process` is in Chrome?

As a personal preference, I like my browser (and most of my applications) to
be a single process.

~~~
RussianCow
> As a personal preference, I like my browser (and most of my applications) to
> be a single process.

Honest question: Why is this your preference? What difference does it make
whether an app is using 1 process or 10 behind the scenes?

~~~
kodablah
Depending upon your operating system of choice, there are many things that are
easier to apply to single processes as opposed to multiple (killing,
affinity/priority, sandboxing/permissions, etc). Also, anecdotally I've found
there is overhead for each tab process (of which I may have a ton of very tiny
ones in my tree tabs). One of my big use cases is that I want to embed the
browser in my software. Granted Gecko is not very embeddable in its current
state, but the general move towards multi-process browsers often prevents my
app from being self-contained (e.g. Electron apps).

There are tradeoffs. If all of the evergreen browsers are headed this route,
so be it, I just want to know.

~~~
gcp
_there are many things that are easier to apply to single processes as opposed
to multiple (killing, affinity/priority, sandboxing/permissions_

Sandboxing is easier with more processes, at least if the processes are split
up to make this easier. One of the reasons for e10s is to allow for
sandboxing, so it is now easier to apply sandboxing rules to Firefox.

_anecdotally I've found there is overhead for each tab process (of which I
may have a ton of very tiny ones in my tree tabs_

This is understood and one reason why Mozilla is conservative here.

------
Jaruzel
Default Firefox user here, although I do have Chrome installed on many of my
machines. All around me people are now (or have been for some time) Chrome
users. I just cannot make the switch. I don't know why - maybe it's the sharp
angled tab UI, maybe it's the slightly 'off' font rendering. Maybe I don't
trust google. Whatever it is, I keep using Firefox as my main Browser, and
mostly I'm happy.

A few things would make my Firefox life much easier though:

- The ability to launch multiple Firefoxes with the same profile, but
completely separate processes. So when one Firefox crashes, the others are
left alone. At the moment, no matter how many Firefox windows you have open,
they are all children of the first Firefox you started.

- An equivalent of Chrome's --APP=[URL] start up parameter (and the
accompanying no-url-bar, custom icon, and unique window location/size
settings) - this is a wonderful feature for web apps, and effectively
transforms them into (almost) desktop apps in appearance. If firefox had that,
I'd be over the moon.

- A way of allocating a session when you start it for 'X project' and then be
able to save off all those tabs in one action to a folder or tab 'startup
list'. I'd like this to be native, and not an add-on I'd have to keep track of
or suffer incompatibilities when the maintainer has lost interest in it.

Finally, now that Windows and Linux roll with good default Browsers, and that
Firefox (in the main) is a manual install, I can't see it recouping its
percentage share. It feels like the slow death of the original Opera, all over
again.

~~~
bzbarsky
> - A way of allocating a session when you start it for 'X project' and then
> be able to save off all those tabs in one action to a folder or tab 'startup
> list'.

The existing "Bookmark all tabs" option that creates a bookmark folder from
all the tabs in a window and the existing option to open all the tabs in a
bookmark folder sort of address this use case, unless 'X project' needs
multiple windows...

------
pecord
Just makes me more excited for Servo

~~~
eugeneionesco
Why? Servo is just a proof of concept, it won't be the future of Firefox.

~~~
highwind
It's definitely not a proof of concept.

> Our long-term plan is to:

> - Incrementally replace components in Gecko with ones written in Rust and
> shared with Servo.

> - Determine product opportunities for a standalone Servo browser or
> embeddable library (e.g., for Android).

[https://github.com/servo/servo/wiki/Roadmap](https://github.com/servo/servo/wiki/Roadmap)

~~~
sp332
Servo is definitely going places but it's not Firefox. It's not looking to be
a Gecko replacement, and Gecko is too deeply embedded in FF to swap it out.
Sharing code sounds like a good idea though.

~~~
mintplant
For example, another Mozilla intern I know is working on the project to
replace Gecko's CSS style system with Servo's (Stylo).

Check the "Oxidation" page on the wiki:
[https://wiki.mozilla.org/Oxidation](https://wiki.mozilla.org/Oxidation)

------
0xffff2
I get how a multi-process architecture is good for stability, but why is
multi-process necessary for UI responsiveness? Surely the UI is already
rendered on its own thread; why would moving that thread to a separate process
help anything?

~~~
fl0wenol
Firefox has a UI that is rendered in web components and javascript just like
the displayed pages in the tabs. This technology is called XUL. The Gecko
layout engine renders both XUL and HTML styled with CSS.

Traditionally this was all handled in one process. The tabs themselves are
like fancier iframes.

If javascript in a window did not yield, stuck in a tight loop, it could make
the interactive elements of the UI non-responsive (menus, modal dialogs,
right-click menu, etc.)

To combat this, Firefox has a global timer in the whole-browser javascript
that fires and interrupts long-running javascript to display that dialog box
that says: "A script on this page may be busy, or it may have stopped
responding. You can stop the script now, or you can continue to see if the
script will complete." You might have even run into it. This lets you kill it
which gives you the UI back, but may break the offending webpage.

By making firefox multi-process, this hack is no longer needed.

Also you can imagine that for a very javascript heavy web application like
Google Docs, Slack, or Gmail, it fires so many JS events and runs so much code
that when the tab is active on slower systems you find Firefox's own UI is
lagging. This is because the web application is always doing something or
doing it too frequently and Firefox is having a hard time getting a word in
edgewise.

Such heavy interactive pages will no longer negatively impact the browser,
especially on multi-core systems.

------
suprgeek
The annoying problem of being unable to select via Enter key the first item in
the address bar that is shown while typing any text is back.

Using OldBar on FF48 on a Mac

type text into address bar - Key down to select first entry

Hit enter - nothing happens

------
ianlevesque
It's ridiculous that they still don't have sandboxing years after Chrome,
Safari, and IE shipped it. It's just negligent as a browser developer to not
have that basic measure of security in place.

~~~
cptskippy
I don't think you understand what you're complaining about. Each browser has
had different types of sandboxing. IE's approach is to run the whole process
(just the one) in PE mode. Chrome goes a step further and sandboxes each tab
to its own process. Safari just sandboxes plugins. Firefox, prior to
Electrolysis, sandboxes JavaScript, Media Playback containers, and Plugins.
Post Electrolysis it does processes as well.

~~~
ryuuchin
It's the lack of defense in depth which I would say is disappointing more than
anything. Firefox prior to e10s pretty much ran everything save for NPAPI
plugins in the same process. Perhaps it is "sandboxed" in the code but in
practice I'm not sure you could call it a sandbox from the defense in depth
standpoint. Simply running stuff in a separate process doesn't count for much
if the separate process is not restricted in any way.

When you contrast it with Chrome which uses basically every single operating
system mitigation in addition to their sandboxing and the difference really is
striking.

I'm looking forward to the future of e10s Firefox since it now enables them to
move forward with more advanced security mitigations and better defense in
depth. I believe Mozilla released a plan for the future of these things which
it showed what they wanted to do step by step (e.g. plugins first, etc).

~~~
gcp
_I believe Mozilla released a plan for the future of these things which it
showed what they wanted to do step by step (e.g. plugins first, etc)._

Flash and Media Plugins (video decoders, EME/DRM) have already been sandboxed
for several releases. There is a content sandbox in the development versions
of Firefox. Of course it won't ship before e10s is considered stable, because
that's a hard prerequisite for it. The amount of protection also varies by
operating system (Windows and Mac OS X are pretty OK, Linux is still pretty
crappy) but obviously that is improving week by week.

~~~
ryuuchin
> Flash and Media Plugins (video decoders, EME/DRM) have already been
> sandboxed for several releases.

Firefox provides its own sandboxing now? Flash used to use a subset of the
Chrome sandbox for Flash but that was restricted to the 32-bit version of the
browser. As far as I was aware Firefox just ran it in the plugin-container
processes for crash protection and nothing else (if protected mode wasn't
being used or if you were on 64-bit Firefox). Does Firefox now make use of OS
mitigations and integrity levels for sandboxing the plugin process?

~~~
cpeterso
Like you say, Adobe's Flash sandbox (aka "Protected Mode", based on Chrome's
sandbox library) only supports 32-bit Windows. Mozilla wrote its own plugin
sandbox for 64-bit Windows because we didn't want Firefox users to lose
sandboxing just because they switched from 32-bit to 64-bit. Adobe's and
Mozilla's sandboxes don't use all the same mitigations and some Flash content
is currently broken in 64-bit Firefox.

Here is the Firefox bug tracking the 64-bit sandbox work:

[https://bugzilla.mozilla.org/show_bug.cgi?id=1165891](https://bugzilla.mozilla.org/show_bug.cgi?id=1165891)

