JSFfox: Run-timely confining Javascript for Firefox

Abstract

Current web applications incorporate third-party content hosted at different origins that offer a series of online services, as well as a suit of reusable libraries. Since those services and libraries constantly demand access to privacy-sensitive data for implementing normal operations, web developers and users must trust them not to induce privacy exfiltration. However, due to a common feature of all-or-nothing fashion, the security mechanisms of present web browsers are essentially insufficient for mitigating the risks caused by third-party code. This paper presents JSFfox, a JavaScript confinement system which enforces flexible information-flow policies for Firefox. Under JSFfox, not only the compartments but also the transferred message that contains the sensitive data are associated with information-flow labels, which can be tracked for enforcing substantial policies. We characterize a wide range of web applications for demonstrating the motivations and requirements of JSFfox’s design and implement the secure versions of those applications, which guarantees flexibility for developers as well as privacy for users. We develop a functional prototype of JSFfox built on top of Firefox, and the experimental results show that JSFfox has a fully backward-compatibility with current web and introduces a negligible overhead compared with the legacy Firefox.