The basis of the Firefox security sandbox model is that web content is loaded in a "Content process", separate from the trusted Firefox code, which runs in the "Chrome process" (also called the "parent" process). Content processes execute in a sandbox that limits their system privileges, so that if a malicious web page manages to exploit a vulnerability to execute arbitrary code, it will be unable to compromise the underlying OS.
[[File:Sandbox Hardening.png|framed|none|Process Model]]
The sandboxed child processes (red borders) include the content processes (web, file & extension) and several other child processes: