Mozilla has today launched their latest browser in the form of Firefox 95 which is now equipped with the new RLBox security function, also known as WASMBoxing. RLBox is exclusively available on the Firefox browsers for desktop and mobile devices and will make Firefox one of the most secure browsers on the market enabling you to search safely from any device. RLBox has been developed in collaboration with researchers at the University of California San Diego and the University of Texas.
“RLBox makes it easy and efficient to isolate subcomponents to make the browser more secure. This technology opens up new opportunities beyond what’s been possible with traditional process-based sandboxing, and we look forward to expanding its usage and (hopefully) seeing it adopted in other browsers and software projects. This technique, which uses WebAssembly to isolate potentially-buggy code, builds on the prototype we shipped last year to Mac and Linux users.”
Firefox 95 browser RLBox sandboxing technology
Now, we’re bringing that technology to all supported Firefox platforms (desktop and mobile), and isolating five different modules: Graphite, Hunspell, Ogg, Expat and Woff2. Going forward, we can treat these modules as untrusted code, and — assuming we did it right — even a zero-day vulnerability in any of them should pose no threat to Firefox. Accordingly, we’ve updated our bug bounty program to pay researchers for bypassing the sandbox even without a vulnerability in the isolated library.”
“Rather than hoisting the code into a separate process, we instead compile it into WebAssembly and then compile that WebAssembly into native code. This doesn’t result in us shipping any .wasm files in Firefox, since the WebAssembly step is only an intermediate representation in our build process.
RLBox is a big win for us on several fronts: it protects our users from accidental defects as well as supply-chain attacks, and it reduces the need for us to scramble when such issues are disclosed upstream. As such, we intend to continue applying to more components going forward. Some components are not a good fit for this approach — either because they depend too much on sharing memory with the rest of the program, or because they’re too performance-sensitive to accept the modest overhead incurred — but we’ve identified a number of other good candidates.”
Source : Mozilla