Mozilla is introducing a new security feature that it claims will make Firefox the most secure browser available to consumers. The new sandbox tool called RLBox, available today through the Firefox 95 update, was developed in collaboration with the University of California, San Diego and the University of Texas.
All modern browsers use sandboxing to protect their users from malicious code. The problem is that many of the more advanced exploits combine two vulnerabilities to bypass these protections. With RLBox, Firefox will compile a process in WebAssembly and then convert it to native code. According to Mozilla, this approach has two major advantages. Prevents code jumps between different parts of a program and restricts access to certain areas of its memory systemic you.
With today's release, Mozilla will use RLBox to isolate five components of Firefox, including the browser's Graphite font rendering engine and the Ogg multimedia module. If the system works as expected, the company says that "even a zero-day vulnerability in any of the five components] should not be a threat to Firefox."
Η Mozilla notes that it will not be able to use RLBox to protect every component of Firefox. For example, it is not suitable for modules that depend on memory sharing with the rest of the program. However, the company hopes that other developers will use the technology to make their software more secure. RLBox, meanwhile, is now available in all versions of Firefox for desktop and mobile devices.
Source of information: engadget.com