notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30
Code Issues Releases Wiki Activity

Updated Optional Hardening (markdown)

yokoffing
2026-04-20 16:49:29 -04:00
parent 3665f2ebab
commit 801752378b
1 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
+14 -4
@@ -242,12 +242,19 @@ user_pref("browser.eme.ui.enabled", false);
***
### JIT Optimization
#### How JavaScript Compilers Work
### JavaScript Optimization
#### How compiler optimization works
Browsers use a tiered system to process JavaScript. It is a trade-off between speed (performance) and safety (attack surface).
<details>
<summary>read more</summary>
1. **Interpreter**: reads the code line-by-line. It is the safest but slowest.
2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple machine code. It provides a good speed boost without complex logic that is easily exploitable.
3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions (e.g., "this variable is always an integer"). This is where the massive speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation).
2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple code. It provides a good speed boost without complex logic that is easily exploitable.
3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions. This is where most speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation).
</details>
#### Disable JIT optimization
When you disable [V8 Optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome, you are disabling Maglev (mid-tier optimizing compiler) and Turbofan (top-tier optimizer), but keeping Sparkplug (baseline compiler) and Ignition (interpreter).
@@ -273,6 +280,9 @@ user_pref("javascript.options.wasm_optimizingjit", false);
#### Disable WASM
> [!WARNING]
> Some apps and websites will malfunction if you disable WASM.
In Edge's version of disabling V8 Optimization ("[Enhance your security on the web](https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d)"), Edge is more likely to break websites because it disables WASM entirely and not just V8 optimization.
If you disable WASM in Firefox, you might see similar breakage on sites that rely on it.