Firefox security RLBox was developed by Mozilla in collaboration with researchers at the University of California, San Diego and the University of Texas. This tool uses WebAssembly to isolate potentially buggy code so that potentially infected or buggy files cannot be launched or executed without the user’s knowledge. Mozilla notes that while all major browsers, including Firefox, run web content in their own sandbox process, hackers often chain two vulnerabilities together to defeat them.
The latest version of Mozilla Firefox includes a welcome security upgrade that is expected to protect the browser from code-based attacks. The currently available desktop and mobile versions of Firefox 95 include RLBox technology that aims to prevent and limit damage caused by security holes and code bugs.
The company claims that its “innovative sandbox tool” aims to make Firefox the safest browser option.
Highlights
The company will provide test prototypes to Mac and Linux users in 2020, demonstrating that it can work effectively on a variety of operating systems. “This technology opens up new possibilities beyond what was possible with traditional process-based sandboxing. We look forward to expanding its use and (hopefully) adoption by other browsers and software projects. looking forward to it.”
This meant that the browser subcomponent had to be pulled up into a separate process, which has some limitations and is where RLBox comes in. “Instead of hoisting the code into a separate process, we compile it to WebAssembly and then compile that WebAssembly to native code,” he says, Mozilla. It’s not suitable for all components, but Mozilla says it’s working to expand the reach of RLBox as much as possible to include other browsers.