Closed Bug 557734 Opened 10 years ago Closed 10 years ago
Fox integrity level (MIC) in Windows Vista/2008/7/2008 R2 is at Normal
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) I was working on a project recently regarding MIC and was using SysInternal's Process Explorer to check my program's integrity level. While browsing through the process listing, I noted to my surprise that Firefox was running at normal integrity level while IE8 was running in low integrity. I didn't think much on this until I read an article at Ars Technica that pointed out this same exact issue (apparently Google Chrome also uses low integrity levels, though I have not verified this myself). They even went so far as to advise people away from Firefox, stating that IE8 and Chrome provided better security. I don't necessarily agree with them (regarding IE security, at least), but they do make a valid point. A browser should isolate itself from the system as much as possible to prevent security breaches, and Mandatory Integrity Control does provide a good deal of protection (even if it isn't perfect). Reproducible: Always Steps to Reproduce: 1. Open Firefox. It doesn't matter what page is visible. 2. Open Internet Explorer 8 (protected mode should be on) or Google Chrome (latest version). 3. Run SysInternal's Process Explorer and change the column settings so the Integrity column is visible. Actual Results: IE8's browsing subprocesses and Chrome show Low integrity levels, but Firefox shows normal integrity. Expected Results: All browsers should have run in low integrity. MSDN has an article talking about designing applications in low integrity mode: http://msdn.microsoft.com/en-us/library/bb625960.aspx The simple part is making the process. That's about all I know how to do, myself, otherwise I'd offer to help!
Please don't file bugs without looking first. See <https://wiki.mozilla.org/Mozilla_2/Protected_mode> and bug 266533.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 266533
Sorry. I had looked for MIC and integrity level, since those were the underlying technologies. I didn't think of looking for protected mode.
You need to log in before you can comment on or make changes to this bug.