The basis of Firefox process sandboxing is that untrusted web content is loaded in a separate, untrusted content process, isolated from the parent (chrome) process, which acts as a broker for access to privileged OS functionality and data. Content processes run in a sandbox that limits their system privileges, so that if a malicious web page manages to exploit a vulnerability and execute arbitrary code, it is still unable to compromise the underlying OS: anything the content process needs from outside its sandbox must be requested from the parent, which decides whether to grant it.
[[File:Sandbox Hardening.png|thumbnail]]
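As an added illustration of the broker pattern described above (example code written for this page, not Firefox's own C++ implementation, which is far more involved), here is a minimal Python broker that mediates file access for a less-privileged process. The content side can only ask the broker over a socketpair; the broker applies its policy and, only if the request is allowed, opens the file itself and passes a read-only descriptor across with SCM_RIGHTS. The directory layout, the single-operation policy and the request names are constructed for the example.

```python
import os
import socket
import tempfile


def path_allowed(path, allowed_dirs):
    """True if the canonical form of `path` lies inside an allowed directory.
    Canonicalising first defeats both `..` traversal and symlinks that point
    out of the allowed tree."""
    real = os.path.realpath(path)
    for d in allowed_dirs:
        d = os.path.realpath(d)
        if os.path.commonpath([real, d]) == d:
            return True
    return False


def broker_handle(op, path, allowed_dirs):
    """Decide one request. Returns (status, fd_or_None).
    Policy (constructed): only read-only opens of files under allowed_dirs."""
    if op != "open_read" or not path_allowed(path, allowed_dirs):
        return ("DENIED", None)
    try:
        # The broker opens the file with its own privileges; the content side
        # never gets to open anything itself.
        fd = os.open(os.path.realpath(path), os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as e:
        return ("ERROR %d" % e.errno, None)
    return ("OK", fd)


def broker_serve(sock, allowed_dirs):
    """Broker loop: one request per message, one reply per request."""
    while True:
        line = sock.recv(4096).decode()
        if not line or line == "quit\n":
            return
        op, _, path = line.rstrip("\n").partition(" ")
        status, fd = broker_handle(op, path, allowed_dirs)
        if fd is None:
            sock.sendall(status.encode())
        else:
            # Pass the descriptor itself, not the path, so the policy decision
            # and the capability handed out are the same object.
            socket.send_fds(sock, [status.encode()], [fd])
            os.close(fd)  # the broker keeps no copy once delivered


def content_request(sock, op, path):
    """Content side: ask the broker; get a status and maybe a descriptor."""
    sock.sendall(f"{op} {path}\n".encode())
    data, fds, _flags, _addr = socket.recv_fds(sock, 4096, 1)
    return data.decode(), (fds[0] if fds else None)


def run_demo():
    """Fork a broker child and issue a set of requests from the parent.
    Returns {name: (status, file_contents_or_None)}."""
    with tempfile.TemporaryDirectory() as root:
        allowed = os.path.join(root, "allowed")   # constructed layout
        secret = os.path.join(root, "secret")
        os.mkdir(allowed)
        os.mkdir(secret)
        with open(os.path.join(allowed, "page.html"), "w") as f:
            f.write("<p>hi</p>")
        with open(os.path.join(secret, "cookies.db"), "w") as f:
            f.write("SECRET")
        os.symlink(os.path.join(secret, "cookies.db"), os.path.join(allowed, "link"))

        content_sock, broker_sock = socket.socketpair()
        pid = os.fork()
        if pid == 0:                      # broker process
            content_sock.close()
            broker_serve(broker_sock, [allowed])
            os._exit(0)
        broker_sock.close()               # content process side

        requests = [
            ("allowed_file", "open_read", os.path.join(allowed, "page.html")),
            ("secret_file", "open_read", os.path.join(secret, "cookies.db")),
            ("symlink_escape", "open_read", os.path.join(allowed, "link")),
            ("traversal", "open_read", os.path.join(allowed, "..", "secret", "cookies.db")),
            ("write_op", "open_write", os.path.join(allowed, "page.html")),
        ]
        results = {}
        for name, op, path in requests:
            status, fd = content_request(content_sock, op, path)
            content = None
            if fd is not None:
                content = os.read(fd, 4096).decode()
                os.close(fd)
            results[name] = (status, content)
        content_sock.sendall(b"quit\n")
        content_sock.close()
        os.waitpid(pid, 0)
        return results


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Only the first request succeeds; the direct read of the secret, the symlink and `..` escapes, and the unsupported write operation are all refused by the broker, and the content side has no other route to the file. Note that the policy check and the open are two separate steps here, so a real broker also has to consider races between them (for example by deciding on an already-opened descriptor rather than on a path).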
'''Open Questions'''
* What other things fall into the same category (is there a better name for this?)
=== IPC Hardening ===
=== IPDL ===
See bug https://bugzilla.mozilla.org/show_bug.cgi?id=1041862