A group of researchers has built a sandbox framework that can improve the security of Firefox by isolating third-party libraries used by the browser.
Similar to other major browsers, Firefox relies on third-party libraries to render content — such as audio, video, and images — and these libraries often introduce additional vulnerabilities, researchers from the University of California San Diego, University of Texas at Austin, Stanford University and Mozilla say.
To mitigate the issue, the researchers came up with RLBox, a framework that supports sandboxing through either software-based fault isolation or multi-core process isolation, and which is meant to help Firefox run untrusted code.
The proposed architecture isolates libraries in lightweight sandboxes, with “modest and transient” performance overheads (minor impact on page latency), thus reducing the impact of potential compromise.
RLBox, the researchers say, mediates data flow and control flow to automate security checks, minimize renderer change, efficiently share data structures, simplify migration, and bridge machine models.
The general-purpose library-sandboxing framework has already been implemented in production Firefox, to isolate the libGraphite font shaping library, using a WebAssembly sandbox.
“Our retrofitted Firefox successfully tested on both the Firefox Nightly and Beta channels, and ships in stock Firefox 74 to Linux users and in Firefox 75 to Mac users,” the researchers note in a whitepaper (PDF).
RLBox “leverages the C++ type system to enforce safe data and control flow, and enables an incremental compiler-driven approach to migrating code to a sandboxed architecture.”
The framework, the researchers argue, can significantly ease the burden of securely sandboxing libraries in existing code. Furthermore, since it does not depend on Firefox, RLBox could be used as a sandboxing framework for other C++ applications as well.
The researchers have released the RLBox library, along with the modified builds and benchmarks, in open source. The production-ready RLBox and Wasm-based sandbox were released as well.
“Third party libraries are likely to remain a significant source of critical browser vulnerabilities. Our approach to sandboxing code at the library-renderer interface offers a practical path to mitigating this threat in Firefox, and other browsers as well,” the researchers conclude.
Related: Firefox Gets DNS-over-HTTPS as Default in U.S.
Related: Firefox 74 Will Disable TLS 1.0 and TLS 1.1 by Default
Related: Mozilla Patches Firefox Zero-Day Exploited in Targeted Attacks