Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that guards against untrusted code and other security vulnerabilities, protecting against accidental defects as well as supply chain attacks.
The improved protection mechanism is designed to harden the web browser against potential weaknesses in off-the-shelf libraries used to render audio, video, fonts, images, and other content.
Mozilla is incorporating fine-grained sandboxing into five modules: its Graphite font rendering engine, Hunspell spell checker, Ogg multimedia container format, Expat XML parser, and Woff2 web font compression format.
The framework uses WebAssembly, an open standard that defines a portable binary-code format for executable programs that can be run on modern web browsers, to isolate potentially unsafe code. Firefox also implements Site Isolation, which loads each website separately in its own process and, as a result, blocks arbitrary code hosted on a rogue website from accessing confidential information stored in other sites.
Attacks often work by stringing together two or more flaws in order to breach the sandboxed process containing the suspicious site and break out of the isolation barriers, effectively undermining the security measures put in place.
Retrofitting isolation can be labor-intensive and very prone to security bugs, and it requires critical attention to performance. RLBox minimizes the burden of converting Firefox to securely and efficiently use untrusted code.
RLBox aims to increase browser security by sandboxing third-party C/C++ libraries that are vulnerable to attacks, keeping them from interfering with other browser processes and limiting potential damage. Put differently, the goal is to isolate the libraries in lightweight sandboxes such that threat actors can't exploit vulnerabilities in these subcomponents to impact the rest of the browser.
Mozilla noted that cross-platform sandboxing for Graphite, Hunspell, and Ogg is shipping in Firefox 95 across desktop and mobile versions of the browser, while Expat and Woff2 are expected to gain support for the feature in Firefox 96.