I'm currently running Firefox 48.0.1 and discovered that even though the new multiprocess is not yet enabled for me, the sandbox apparently already is, according to about:support, which shows this:
Sandbox
Seccomp-BPF (System Call Filtering): true
Seccomp Thread Synchronization: true
User Namespaces: true
Media Plugin Sandboxing: true
Quote from Arstechnica on the roadmap. Note that the quote is from June. I read that the goal for per-tab processes is already first half of 2017.
According to this site the content sandbox is only enabled in trunk while the GeckoMediaPlugin sandbox is already enabled in the release version. You can already manually enable it by setting dom.ipc.processCount in about:config to something > 1, say 4. After a restart you'll see 4 processes in the task manager (provided that 4 tabs are open, of course). The precondition right now is that browser.tabs.remote.autostart and browser.tabs.remote.force-enable are both set to true. EDIT: See my remarks here and here. EDIT2: The need to restart Firefox even if restartless add-ons are installed or updated is explained here and is temporary.
Thanks, I got it working according to your instructions. Anyway, it's nice that Firefox on Linux already supports Seccomp-BPF and User Namespaces. I thought Firefox on Linux didn't use any sandboxing/hardening mechanisms. (Except for its own upcoming sandbox, of course.)
Having done research on this earlier, so did I. I was content to use Firejail as all the online documentation made it sound as if the Linux platform would be the last to get a sandbox. As it turns out, it didn't take long for them to turn that around. I'm still on single-process atm. I think maybe next weekend I'll work on creating a new profile, tweaking AppArmor, etc. Given I have lots of RAM I think the pluses outweigh the negatives.
You're welcome. Btw, in the meantime I found out that you don't need to restart the browser anymore after installing/updating restartless extensions if you set extensions.e10sBlocksEnabling to false.
Update for me: went ahead and enabled multiprocess for Firefox on a new profile, tweaked my AppArmor profile, set up my extensions, etc. Works great! Some things fail, like view page source, and it uses much more memory, but wow is the interface smoother! Some relevant stuff: I set the thread count to 45 (so I get one thread per tab) and no issues. Firejail --tree lists each content process as a container beneath the main firefox process and lists all of them. I think at this point FF is more secure on Linux than Chromium is, with the exception of malware that exploits one tab's content and tries to gain info from another. FF devs will likely need time to get stronger sandbox isolation here. As far as reduced attack surface, I'm not sure if running Firejail + FF's innate seccomp-bpf is better or worse than FF's sandbox alone; I do know that Firejail more effectively limits access to the underlying filesystem (for Chromium or Firefox), so I'll roll with what I have now.
Firefox 49 is now available from the Mozilla FTP server. No doubt it will be offered via the internal updater soon. Multi-process still not available in the UI for me, but I'm using a number of extensions. It may be enabled for those who don't use extensions (?)
FYI you can force enable it. I'm running 10 extensions and they all work fine with e10s Firefox. Stylish has an annoying bug where I can't edit any of the userstyles, but I can copy over the styles from another profile or install them from userstyles.org.
I tried enabling it following these instructions: http://techdows.com/2016/08/firefox-48-e10s-enabled-or-disabled-if-disabled-enable.html Unfortunately what I see now in about:support is Multiprocess Windows 0/2 (Disabled by add-ons)
This is what you need:
browser.tabs.remote.autostart=true
browser.tabs.remote.force-enable=true
In order to avoid restarting FF after installing/updating restartless addons:
extensions.e10sBlocksEnabling=false
More than one content process:
dom.ipc.processCount=4 (or 8 or whatever you want)
Thanks! About:Support is now reporting 1/1 (Enabled by user). In task manager I only see one process though with multiple tabs open. Is that correct?
The only thing strange is that for me, I don't see processes for plugins. I see the main firefox process, and I see a bunch of "Web Content" processes (matching the number of tabs I have open). I'm guessing this hasn't been released yet... Still, e10s Firefox has been awesome to me: no crashes and the interface is much, much smoother.
I opened one website (=1xFirefox + 1x plugin-container), and after opening a flash-video I see an additional process: (=1xFirefox + 2x plugin-container). Yes, it's much smoother. I think I'll leave "e10s" enabled.
The last time I executed Windows Task Manager was a long time ago. I use a different Process Manager. But I see them both in Process Hacker and Process Explorer: 2 Plugin-container, one for the website and the other one for the plugin (this has low integrity) (left=PH, right=Process Explorer)
I'm sorry, I wasn't using the right terminology: my addons (extensions) don't appear to be separate processes. As I don't have Flash or any other plugins (except x264), perhaps I'm not supposed to see separate processes? I know Chrome/Chromium has separate processes for addons, but they use Web Extensions... Just FYI: I'm on Linux and I see a firefox process, and then "Web Content" processes for each webpage I have open. Currently have dom.ipc.processCount set to 45. I'll prolly just make it 500 or something so I have a separate process per tab no matter how many I have open. I have 16GB of RAM and a lean desktop so FF can have as much as it wants.
Thanks for the details. I checked with Process Explorer and it's not showing additional threads either, so I'm missing something somewhere. Edit: I checked about:support again and now I'm seeing this "Multiprocess Windows 0/1 (Disabled by accessibility tools)" I don't have any accessibility tools enabled in Firefox advanced settings; not sure what to look for next...
Maybe try this: http://techdows.com/2015/02/fix-enable-e10s-multi-process-disabled-an-accessibility-tool-is-active.html
OK, finally got it working. I think the problem was that one of the about:config entries was a string instead of a boolean value. I replaced it and now I'm seeing multiple Plugin Container for Firefox processes in task manager.
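Added example, not part of the thread above: a small Python check that reads the text of a profile's prefs.js or user.js and reports which of the four preferences listed in the thread are missing or stored with the wrong type, such as the string "true" where a boolean is expected (the cause named in the last post). The function names and the sample input are constructed for illustration; the only assumption about the file is the `user_pref("name", value);` line format.

```python
import re

# Prefs named in the thread, with the value type about:config must store.
EXPECTED = {
    "browser.tabs.remote.autostart": bool,
    "browser.tabs.remote.force-enable": bool,
    "extensions.e10sBlocksEnabling": bool,
    "dom.ipc.processCount": int,
}

# One user_pref("name", value); statement per line, as in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_value(raw):
    """Map a prefs.js literal to a Python bool, int or str."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    raise ValueError(f"unrecognised pref literal: {raw!r}")

def audit_prefs(text):
    """Return {pref: problem} for expected prefs that are missing or mistyped."""
    found = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in EXPECTED:
            found[m.group(1)] = parse_value(m.group(2))
    problems = {}
    for name, want in EXPECTED.items():
        if name not in found:
            problems[name] = "not set"
        elif type(found[name]) is not want:
            got = type(found[name]).__name__
            problems[name] = f"stored as {got}, expected {want.__name__}"
    return problems

# Constructed sample: force-enable was created as a string, processCount is unset.
SAMPLE = '''\
user_pref("browser.tabs.remote.autostart", true);
user_pref("browser.tabs.remote.force-enable", "true");
user_pref("extensions.e10sBlocksEnabling", false);
'''

if __name__ == "__main__":
    for pref, issue in audit_prefs(SAMPLE).items():
        print(f"{pref}: {issue}")
```
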