The new Firefox 95 could be the most secure web browser on the market
The latest version of Firefox is now available and includes a significant advancement in web browser security.
Firefox, the little browser that could do just that, continues to advance. And while other browsers are constantly struggling with one crisis or another, Mozilla developers are tackling what matters most to modern web browsers: security.
This time, the developers released Firefox 95, which includes a new subsystem, called RLBox.
RLBox is a new method of sandboxing, which makes it easier to effectively isolate subcomponents and make Firefox more secure. RLBox uses WebAssembly to isolate possible buggy code.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
The operation of RLBox is complicated, but it breaks down by first compiling a process in WebAssembly, then the converted process is then converted back to native code. This prevents code from moving between different parts of a program and restricts access to specific areas of system memory.
Starting with Firefox 95, RLBox will isolate five components:
- The Graphite rendering engine
- Ogg media module
- Hunspell spell checker
- Expat XML Parser
- Woff2 font compression
Mozilla also clarified that it will not be able to use RLBox to protect every component of the browser. For example, RLBox is not suitable for any module that depends on shared memory to function.
Why is RLBox important?
All web browsers run content in their own sandboxed processes. This is done to prevent the code from exploiting vulnerabilities. The problem is that bad actors attack by chaining together vulnerabilities, one used to compromise a sandboxed process and another to escape the sandbox. In order to defend against this type of common attack, browsers must then require multiple layers of protection.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
To do this, Firefox uses RLBox to place two key restrictions on the target code:
- It is not allowed to jump to unexpected parts of the program.
- It cannot access memory outside a specific region.
These two restrictions allow Firefox to safely share an address space between trusted and untrusted code so they can run in the same process.
RLBox is a big step forward for Firefox security as it protects users from accidental flaws and supply chain attacks. As an added benefit, RLBox reduces the need for developers to scramble and fix something when an issue is leaked upstream.
As far as end users are concerned, there is nothing to configure, activate or install. RLBox is ready to work with Firefox 95. So if you are serious about web browser security, be sure to upgrade to the latest version of the open source web browser right away.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech tips for professionals from Jack Wallen.