"Firefox is insecure" - Refuted

5 min read
fairly difficult
Lately, a member of the privacy community on reddit has been [making the claim that Firefox is very insecure and unsafe to...
Lately, a member of the privacy community on reddit has been making the claim that Firefox is very insecure and unsafe to use. I doubt that this individual is an expert in the field of cybersecurity and the only relevant person cited is Daniel Micay, the creator of a niche mobile OS. There are many browser security experts who recommend and use Firefox, such as Raymond Hill the creator of uBlock Origin/uMatrix, and Giorgio Maone, the creator of NoScript Security Suite. Not to mention Firefox is trusted by the Tor development team for their browser bundle. With that said, here is my take on the article linked above:

Firefox lacks many security features that Chromium has such as site isolation,

They have had this feature in nightly since last summer and it should be rolled out to beta/release by the end of the year. The author neglects to mention this important detail as if Mozilla had simply ignored the issue of strict site isolation altogether.

a hardened memory allocator (mozjemalloc is just a few security features tacked on to jemalloc and is not similar to a hardened memory allocator),

If we explore the source for the author's claim here, it's Daniel Micay's opinion of Firefox's memory allocator in a much larger (and heated) thread with Tom Ritter, a Mozilla security engineer. And as Richard Pospesel from the Tor Project summarized, "this convo went from 'wow an interesting discussion about allocators' to 'fuck you Tom' real quick and without provocation." Micay's behavior in the thread aside, we can clearly see that security experts have differing opinions on this matter.

Control-Flow Integrity and many more.

Chromium just added this feature and Firefox appears to be planning to follow suit and add it as well. The author fails to mention that this was a recent addition and has not even been implemented on all Chromium platforms yet.

Firefox's current security features such as its browser sandbox are a lot worse than Chromium's. Excluding the issue of…
Read full article