Mozilla has introduced a new approach to securing the Firefox browser for Linux and Mac, using a new lightweight sandboxing architecture called RLBox, which employs a WebAssembly sandbox to protect against vulnerabilities posed by third-party libraries.
Firefox makes use of various external libraries to render audio, images and videos, and these third-party sources could be exploited by attackers to introduce malicious scripts. Security is now a highly required feature for any web application, to avoid compromise of personal data and business information.
Until now, Firefox has used process-level sandboxing and the Rust programming language to protect against security issues. However, these methods mostly benefit pre-existing components and are often restricted to certain areas, with various limitations.
What Is the RLBox Sandboxing Architecture?
Mozilla, in conjunction with researchers from the University of California San Diego, Stanford University and the University of Texas at Austin, developed the new framework, called RLBox, to improve web browser security.
RLBox improves browser security by separating third-party libraries, which could contain potential security issues, from the rest of the browser; this process is known as sandboxing. It relies on the WebAssembly security mechanism to put browser components into secure sandboxes so that attackers can't exploit the system through third-party libraries.
This sandboxing method separates third-party libraries from the browser's native code; rather than isolating the application from the operating system, RLBox blocks any malicious code within the external library from executing on the system.
Firefox 74 Availability For Linux And Mac
RLBox has been integrated into Firefox 74 to complement the browser's other security capabilities. It is currently available in the Linux and Mac versions of the browser, with the Firefox 74 update expected to launch in March 2020.
Also expected is the rollout of DNS over HTTPS (with Cloudflare as the DNS resolver), which turns the option on by default for users in the United States. For an alternative DNS service, users can select NextDNS via the Network Settings dialog in Preferences.
Additionally, TLS 1.0 and TLS 1.1 are disabled; sites that don't support TLS version 1.2 will show an error page going forward.