Mozilla on Monday released Firefox 95 to the stable channel with a new isolation feature in tow, designed to keep untrusted code at bay and better protect users from web attacks that attempt to escape the sandbox.
Dubbed RLBox, the new sandboxing technology has been developed in collaboration with academics at the University of California San Diego and the University of Texas and is meant to complement existing protections by isolating subcomponents.
To keep users protected from web attacks, browsers run sites in sandboxed processes, but adversaries attempt to chain flaws to escape the sandbox and compromise the victim device.
With RLBox, third-party libraries prone to attacks are also isolated from the rest of the browser, in a fine-grained software sandbox. Thus, in addition to isolating websites in their own processes, the browser attempts to protect from potentially buggy subcomponents.
RLBox, which is a standalone project that relies on WebAssembly for isolating potentially problematic code, is now rolling out to all Firefox users with support for isolating the Graphite, Hunspell, Ogg, Expat and Woff2 modules.
Because the technology considers these untrusted code, it should keep users protected even from attacks targeting zero-day vulnerabilities in them.
“Accordingly, we’ve updated our bug bounty program to pay researchers for bypassing the sandbox even without a vulnerability in the isolated library,” Mozilla says.
In RLBox, code is compiled into WebAssembly and then compiled into native code, which makes WebAssembly an intermediate step into the build process, meaning that no .wasm files ship in Firefox.
The new feature prevents code from jumping to “unexpected parts of the rest of the program” and keeps it confined to a specified memory region.
“Together, these restrictions make it safe to share an address space (including the stack) between trusted and untrusted code, allowing us to run them in the same process largely as we were doing before,” Mozilla explains.
With this approach, the programmer is only required to sanitize values coming out of the sandbox, to make sure they are not maliciously crafted.
“RLBox is a big win for us on several fronts: it protects our users from accidental defects as well as supply-chain attacks, and it reduces the need for us to scramble when such issues are disclosed upstream. As such, we intend to continue applying to more components going forward,” Mozilla says.
Related: Mozilla Rolling Out ‘Site Isolation’ With Release of Firefox 94
Related: Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API
Related: Firefox 93 Improves Protection Against Tracking, Insecure Downloads