1. 8

  2. 3

    The analysis has been sponsored by Google. X41 D-Sec GmbH accepted this sponsorship on the condition that Google would not interfere with our testing methodology or control the content of our paper. We are aware that we could unconsciously be biased to produce results favorable to our sponsor, and have attempted to eliminate this by being as transparent as possible about our decision-making processes and testing methodologies.

    (Emphasis is mine.)

    Is this the reason why Mozilla Firefox is notably absent from this test, I wonder?

    1. 2

      I dunno why, but Firefox was absent from a lot of things[tm] in the past. It’s not part of the paper above, it’s not a big part of the recent Browser Security paper by Cure53 (https://github.com/cure53/browser-sec-whitepaper) and it wasn’t part of the latest pwn2own contests.

      1. 1

        At the time the report was commissioned, I’m not sure Firefox had much sandboxing to speak of.

        1. 1

          On Windows, there were several sandboxing products people combined with Firefox since it was a general problem not limited to Firefox. Linux had mechanisms for it, too. So, they should improve their security but built-in sandboxing wasn’t strictly necessary. That said, I think it was organizational priorities and talent that was the root cause.

        2. 1

          The Cure53 paper mentions they really wanted to include it. Google was against it, citing a 2014 study about the Tor browser (which is pre-e10s, pre-sandboxing, etc.)

          I personally think that the goal of this paper is to get enterprises to switch from Edge/IE to Chrome. To make it easier for corporate decision makers, the comparison is only to their main rival for this specific market.

        3. 1

          Google commissioned two papers. The other one is at https://github.com/cure53/browser-sec-whitepaper