Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Mozilla Debuts Containers Feature in Firefox Nightly

We live in a connected world where we have multiple online accounts that are often segregated between our personal and work lives. Being able to use all of them at the same time while still keeping them separated isn’t always possible, yet Mozilla is attempting to change that with a brand new feature in the Nightly release of Firefox 50.

We live in a connected world where we have multiple online accounts that are often segregated between our personal and work lives. Being able to use all of them at the same time while still keeping them separated isn’t always possible, yet Mozilla is attempting to change that with a brand new feature in the Nightly release of Firefox 50.

Dubbed Containers, the new feature is meant to allow people use different browser tabs for different contexts, including work, banking, shopping, or personal. Basically, as Tanvi Vyas, Mozilla Security Engineer, explains in a blog post, Containers allows individuals portray the different characteristics of themselves in different situations.

With the help of Containers, one’s identities are segregated in such a way that their browsing behaviors don’t overlap, allowing people to keep their personal and work lives separated while using a single browser. According to Vyas, these identities are truly separated, courtesy of a fully segregated cookie jar, which ensures that the cookies, indexeddb, localStorage, and cache of sites are kept in different Containers for each context: one for Work, one for Personal, etc.

Vyas explains that, with Containers, users can log into a work account and a personal account on the same social platform and can also use two email accounts in side-by-side tabs simultaneously. The Containers feature eliminates the need to use multiple browsers, an account switcher, or to constantly log in and out to switch between accounts.

What Containers aims to achieve is increased user privacy when browsing the Internet, providing people with some control over the techniques websites can use to track them. Since tracking cookies are stored separately, websites won’t be able to track users over multiple containers. To associate the tracking information from multiple containers, websites would have to use device fingerprinting techniques.

“Containers also offers the user a way to compartmentalize sensitive information. For example, users could be careful to only use their Banking Container to log into banking sites, protecting themselves from potential XSS and CSRF attacks on these sites. Assume a user visits in an non-banking-container. The malicious site may try to use a vulnerability in a banking site to obtain the user’s financial data, but wouldn’t be able to since the user’s bank’s authentication cookies are shielded off in a separate container that the malicious site can’t touch,” Vyas explains.

For the time being, however, the Containers implementations in Firefox Nightly is a basic one, allowing users to manage identities from a minimal interface. However, the feature is expected to receive improvements as users test it and provide feedback on it. Mozilla expects to make the design more convenient, elegant, and usable.

Advertisement. Scroll to continue reading.

In fact, Vyas notes that one of the main issues that has been long discussed is the inability to efficiently use “Contextual Identities” on the web, because it’s difficult to determine the right user experience. Some questions that need to be answered in this regard include users’ ability to determine the context they are operating in, how to recover if they make a mistake and use the wrong context. Moreover, it remains to be determined if the browser can assist by automatically assigning websites to Containers so that users don’t have to manage their identities by themselves and what heuristics would the browser use for such assignments.

In Nightly Firefox 50, users can start using the new feature by opening a New Container Tab from the File Menu (on Windows, the File Menu becomes accessible after hitting the Alt key) and choosing between the available Personal, Work, Shopping, and Banking options. Each tab has a different decoration, so that users know which context they are browsing in, while the regular browsing context, or default container, has no such decoration.

“The right side of the url bar specifies the name of the Container you are in along with an icon. The very top of the tab has a slight border that uses the same color as the icon and Container name. The border lets you know what container a tab is open in, even when it is not the active tab,” Vyas explains.

The normal browsing experience that users receive when launching a New Tab or a New Window remains unchanged, as normal tabs continue to access all of the site data that the browser has already stored in the past. The user interface of normal tabs isn’t changed either, and all site data read or written will be put in the default container when browsing in the normal context.

When the Containers feature is used, however, the Container tabs won’t have access to the site date stored in the default container. Similarly, normal tabs don’t have access to site data stored for a different Container tab. The feature was also designed in a way that allows users to browse the Internet via normal tabs alongside other Containers.

For the time being, Containers remains an experimental feature, aimed for Nightly Firefox only, meaning that it will be disabled when the browser moves to Aurora/DevEdition 50. The stable Firefox release, currently at version 47, won’t include it either. Nightly users also have the option to disable Containers altogether, from about:config.

Related: Firefox Warns of Password Requests Over HTTP

Related: Critical, High Severity Flaws Patched in Firefox

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.