Closed Bug 557734 Opened 10 years ago Closed 10 years ago

FireFox integrity level (MIC) in Windows Vista/2008/7/2008 R2 is at Normal


(Core :: Security, enhancement)

Windows 7
Not set





(Reporter: mngoldeneagle, Unassigned)


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)

I was working on a project recently regarding MIC and was using SysInternal's Process Explorer to check my program's integrity level.  While browsing through the process listing, I noted to my surprise that Firefox was running at normal integrity level while IE8 was running in low integrity.  I didn't think much on this until I read an article at Ars Technica that pointed out this same exact issue (apparently Google Chrome also uses low integrity levels, though I have not verified this myself).  They even went so far as to advise people away from Firefox, stating that IE8 and Chrome provided better security.

I don't necessarily agree with them (regarding IE security, at least), but they do make a valid point.  A browser should isolate itself from the system as much as possible to prevent security breaches, and Mandatory Integrity Control does provide a good deal of protection (even if it isn't perfect).

Reproducible: Always

Steps to Reproduce:
1. Open Firefox.  It doesn't matter what page is visible.
2. Open Internet Explorer 8 (protected mode should be on) or Google Chrome (latest version).
3. Run SysInternal's Process Explorer and change the column settings so the Integrity column is visible.
Actual Results:  
IE8's browsing subprocesses and Chrome show Low integrity levels, but Firefox shows normal integrity.

Expected Results:  
All browsers should have run in low integrity.

MSDN has an article talking about designing applications in low integrity mode:
The simple part is making the process.  That's about all I know how to do, myself, otherwise I'd offer to help!
Please don't file bugs without looking first. See <> and bug 266533.
Closed: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 266533
Sorry.  I had looked for MIC and integrity level, since those were the underlying technologies.  I didn't think of looking for protected mode.
You need to log in before you can comment on or make changes to this bug.