Mozilla Firefox is probably one of the most famous browsers whose latest version now includes a welcome security upgrade which is expected to keep it safe from code-based attacks.
The upgrade is available and the desktop and mobile editions of Firefox 95 will come with RLBox technology. Its aim is to fend off all damages that may be caused by code security flaws or bugs.
According to the company, the “novel sandboxing tool” will look to make Firefox the most secure browser option around. The RLBox technology was developed by Mozilla by researchers at the University of California San Diego and the University of Texas.
WebAssembly is used to cut off potential buggy code. It is to prevent infection flaws that are able to execute without the user’s knowledge.
Mozilla points out that hackers often chain together two vulnerabilities to breakthrough. The first one has an aim to compromise the sandbox process, while the second one is used to escape from it later. And here it doesn’t matter that all major browsers run web content in their own sandbox process. Previously, this meant having to rise the browser’s subcomponents into a separate process that has its own limitations.
Mozilla says:
“Rather than hoisting the code into a separate process, we instead compile it into WebAssembly and then compile that WebAssembly into native code,”
It is not suitable for every component yet, but the company said that it is working on expanding the reach of RLBox as much as it can – including to other browsers. In 2020 a prototype was shipped to Mac and Linux users with an aim to test and show it can operate effectively across different operating systems.
In a blog post, which is announcing the news, Mozilla’s Bobby Holley commented:
“RLBox is a big win for us on several fronts: it protects our users from accidental defects as well as supply-chain attacks, and it reduces the need for us to scramble when such issues are disclosed upstream,”
This technology is said to open up new opportunities beyond what’s been possible with traditional process-based sandboxing. He added that the company looks forward to expanding its usage and (hopefully) seeing it adopted in other browsers and software projects.
