Firefox 100.0.1 Released with Enhanced Windows Process Isolation
Mozilla Firefox 100.0.1 is a minor bug fix release that fixes problems in the browser’s Picture-in-Picture mode and improves sandboxing on Windows devices.
Mozilla planned to release the new version on May 11, 2022 initially, but the release was delayed. It’s unclear why it was delayed at this point, but it’s expected to be soon.
The main change in Firefox 100.0.1 improves Firefox’s security sandbox on Windows devices. Mozilla notes that the sandbox is blocking access to Win32k APIs for content processes on Windows now.
The Linux and Mac versions of Firefox have already seen security improvements over previous versions. Firefox for Mac included changes in version 95 that block access to WindowServer, which improved security and process launch performance on Mac devices.
Firefox 99 for Linux included a change that removed the content process connection to the X11 server, which “prevents attackers from exploiting the unsecure X11 protocol.”
The enhancement in Firefox for Windows significantly improves browser security by blocking access to Win32k APIs for content processes. Mozilla notes that Win32k APIs are often targeted by exploits and that the limitation puts an end to exploits.
The change is rolling out to Windows 10 Creators Update and newer versions of Windows at the time of this writing, which means any supported installation of Windows 10 and Windows 11 with Firefox is already supported.
Mozilla is still working on implementing the feature in Windows 8 and supporting the security sandbox feature in earlier versions of Windows 10.
The organization posted a technical description of the feature and implementation on its Mozilla Hacks website.
Picture-in-Picture mode saw several improvements in the Firefox 100 release. One of the major changes added support for subtitles and video subtitles on many Internet video streaming sites.
Firefox 100.0.1 fixes two bugs, one related to displaying subtitles:
- Fixed an issue with subtitles in Picture-in-Picture mode when using Netflix
- Fixed an issue where some commands were not available in the Picture-in-Picture window
Now you: Have you used Firefox’s Picture-in-Picture feature? What is your opinion on improving the security sandbox?