Remix.run Logo
yjftsjthsd-h 4 hours ago

In mean... It kinda feels like this is legitimately true? An attacker trying to do anything on a user's machine through this would have to find a Firefox vulnerability and a vulnerability in the wasm runtime, which is such a high bar that I would actually feel remarkably safe running this thing. The only question is how performance works and whether there are any pain points using as a daily driver, but those feel likely to be a pretty minor point. Oh, and the usual caveat that an attacker can still compromise things inside the sandbox which does leave a certain amount of exposure (but if you run different things in different instances they're isolated).

coolelectronics 18 minutes ago | parent | next [-]

Unless you're running every origin in a different instance, I wouldn't use this as a daily driver, since a site would only need to find a renderer vuln to be able to read the rest of your cookies as multiprocess isolation is disabled here

rlmineing_dead 4 hours ago | parent | prev | next [-]

This is true but also this is probably also only half true. Sandboxing is not a fully solved issue since this 100% degrades firefox sandboxing since fission cant run and its running in singleprocess mode. Just wanted to be honest about this

Retr0id 2 hours ago | parent | prev [-]

Assuming you're running Firefox as the outer browser too, in theory it only needs a single bug in the wasm runtime, plus a sandbox escape.