Mozilla tightens Sandboxing in Firefox 95 with RLBox technology

Mozilla, the maker of Firefox, is poised to introduce a novel sandboxing technology called RLBox in Firefox 95. The technology was developed in collaboration with researchers at the University of California San Diego and the University of Texas.

RLBox uses WebAssembly to isolate potentially buggy code, which makes it easier to isolate subcomponents for more secure browsing. It will be extended to all supported Firefox platforms (desktop and mobile) and covers five modules: Graphite, Hunspell, Ogg, Expat and Woff2.

With RLBox in place, these modules can be treated as untrusted code, and a zero-day vulnerability in any of them should pose no threat to Firefox.

How Isolating with RLBox Makes the Difference



The major browsers, including Chrome, Safari and Microsoft Edge, all run web content in its own sandboxed process, which in theory prevents that content from exploiting a browser vulnerability to compromise your computer.



Having isolated things along trust boundaries, the next logical step is to also isolate across functional boundaries. This has meant hoisting a subcomponent into its own process; Firefox, for example, runs audio and video codecs in a dedicated, locked-down process with a limited interface to the rest of the system. But this approach has serious limitations: it requires decoupling the code and making it asynchronous, which is time-consuming and could impose a performance cost.

As a result, nobody would seriously consider hoisting something like the XML parser into its own process. Isolating at that level of granularity needs a different approach.

With RLBox, rather than being hoisted into a separate process, the code is compiled into WebAssembly, and that WebAssembly is then compiled into native code. There is no need to ship any .wasm files in Firefox, since the WebAssembly step is only an intermediate representation in the build process.

RLBox is a big win on several fronts: it protects users from accidental defects as well as supply-chain attacks, and reduces the need to scramble when such issues are disclosed upstream.
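The following is an added example, not code from Firefox or RLBox: a simplified C model of why code compiled through WebAssembly cannot corrupt its host, with the confinement of every memory access to the module's linear memory written out as an explicit bounds check. The names `sandbox_t`, `sbx_store8`, `module_fill` and `run_module` are hypothetical, and the canary is a constructed stand-in for adjacent host data.

```c
#include <stdint.h>
#include <string.h>

#define LINEAR_MEM_SIZE 65536u   /* one 64 KiB WebAssembly page */
#define CANARY 0xC0FFEE42u       /* constructed marker for host data */

typedef struct {
    uint8_t  mem[LINEAR_MEM_SIZE]; /* the module's whole address space */
    uint32_t host_canary;          /* stands in for adjacent host data */
    int      trapped;              /* set when an access leaves mem */
} sandbox_t;

/* Every store emitted for the module is confined to mem like this. */
static void sbx_store8(sandbox_t *s, uint32_t base, uint32_t off, uint8_t v) {
    uint64_t addr = (uint64_t)base + off;  /* 64-bit sum cannot wrap */
    if (addr >= LINEAR_MEM_SIZE) { s->trapped = 1; return; }
    s->mem[addr] = v;
}

/* Hypothetical buggy module routine: trusts len, as an unchecked copy would. */
static void module_fill(sandbox_t *s, uint32_t dst, uint32_t len) {
    for (uint32_t i = 0; i < len && !s->trapped; i++)
        sbx_store8(s, dst, i, 0x41);
}

/* Host side: returns 0 on success, -1 if the module trapped,
   -2 if host data was modified (which the check above prevents). */
int run_module(uint32_t dst, uint32_t len) {
    static sandbox_t s;
    memset(&s, 0, sizeof s);
    s.host_canary = CANARY;
    module_fill(&s, dst, len);
    if (s.host_canary != CANARY) return -2;
    return s.trapped ? -1 : 0;
}

int main(void) {
    /* In-bounds call succeeds; overflowing call traps, host data intact. */
    return (run_module(100, 16) == 0 && run_module(65530, 16) == -1) ? 0 : 1;
}
```

Without the check in `sbx_store8`, the second call would write past `mem` into `host_canary`; with it, the overflow ends in a trap the host can handle.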

How to Upgrade to the Latest Firefox 95



Firefox 95 is available for Windows, macOS and Linux, and can be downloaded from Mozilla's official site or from the respective app stores. But as Firefox updates happen in the background, users will only need to relaunch the browser to receive the latest version.

If you did not get the automatic update, you can update manually on Windows by opening the menu under the horizontal bars at the upper right and clicking the help icon, which is the question mark within the circle. Then select "About Firefox" and the upgrade will begin.

macOS users should select "About Firefox", which can be found under the "Firefox" menu. The page will show whether the browser is up to date or recommend the refresh process.
