Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that isolates untrusted third-party code so that vulnerabilities in it cannot compromise the browser, protecting users against “accidental defects as well as supply-chain attacks.”
Dubbed “RLBox” and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is designed to harden the web browser against potential weaknesses in off-the-shelf libraries used to render audio, video, fonts, images, and other content.
To that end, Mozilla is incorporating “fine-grained sandboxing” into five modules: its Graphite font rendering engine, Hunspell spell checker, Ogg multimedia container format, Expat XML parser, and Woff2 web font compression format.
The framework uses WebAssembly, an open standard that defines a portable binary-code format for executable programs that can run in modern web browsers, to isolate potentially unsafe code. A prototype version of RLBox was shipped to Mac and Linux users in February 2020.
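The following C++ is an added illustration, not code from Mozilla or the RLBox library: a simplified model of the discipline RLBox imposes on data that crosses the sandbox boundary, where a value returned by the isolated library is tainted and cannot drive a host-side memory copy until a host-written verifier has bounded it. The Tainted class, FakeSandboxedDecoder, and copy_decoded are constructed for this example and stand in for the real tainted types and the WebAssembly-sandboxed library.

```cpp
#include <cstddef>
#include <cstring>
#include <optional>
#include <vector>

// Simplified model of an RLBox-style tainted value (not the RLBox library):
// the raw value is hidden, and the only way out is a host-written verifier.
template <typename T>
class Tainted {
    T value_;
public:
    explicit Tainted(T v) : value_(v) {}
    template <typename V> auto copy_and_verify(V verify) const { return verify(value_); }
};

// Hypothetical stand-in for a sandboxed decoder (image or font library). It
// fills a buffer and reports a length; a compromised library may lie.
struct FakeSandboxedDecoder {
    std::size_t claimed_len;
    Tainted<std::size_t> decode(std::vector<unsigned char>& out) {
        out.assign(out.size(), 0xAB);  // constructed "decoded" bytes
        return Tainted<std::size_t>(claimed_len);
    }
};

// Host side: copy decoded bytes out of sandbox memory. The memcpy is
// bounded by the verified length, never by the sandbox's claim alone.
std::optional<std::size_t> copy_decoded(FakeSandboxedDecoder& dec,
                                        unsigned char* host_buf, std::size_t capacity) {
    std::vector<unsigned char> sandbox_buf(capacity);
    Tainted<std::size_t> n = dec.decode(sandbox_buf);
    auto verified = n.copy_and_verify([capacity](std::size_t len) {
        return len <= capacity ? std::optional<std::size_t>(len) : std::nullopt;  // reject an impossible length
    });
    if (!verified) return std::nullopt;
    std::memcpy(host_buf, sandbox_buf.data(), *verified);
    return verified;
}

bool honest_copy_succeeds() {  // library claims 16 bytes for a 64-byte host buffer
    unsigned char buf[64] = {0};
    FakeSandboxedDecoder dec{16};
    auto r = copy_decoded(dec, buf, sizeof buf);
    return r.has_value() && *r == 16 && buf[15] == 0xAB && buf[16] == 0;
}

bool lying_copy_rejected() {  // library claims 1000 bytes: rejected, nothing copied
    unsigned char buf[64] = {0};
    FakeSandboxedDecoder dec{1000};
    return !copy_decoded(dec, buf, sizeof buf).has_value();
}
```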
All major browsers are designed to run web content in their own sandboxed environment as a means to counter malicious sites from exploiting a browser vulnerability to compromise the underlying operating system. Firefox also implements Site Isolation, which loads each website separately in its own process and, as a result, blocks arbitrary code hosted on a rogue website from accessing confidential information stored in other sites.
The problem with these approaches, according to Mozilla, is that attacks often work by stringing together two or more flaws that aim to breach the sandboxed process containing the suspicious site and break out of the isolation barriers, effectively undermining the security measures put in place.
“Retrofitting isolation can be labor-intensive, very prone to security bugs, and requires critical attention to performance,” the researchers noted in a paper that formed the basis for the feature. RLBox “minimizes the burden of converting Firefox to securely and efficiently use untrusted code.”