Last Updated on 07/12/2021 by Sunaina
Mozilla is starting to ship Firefox 95 with RLBox, a new sandboxing technology that isolates untrusted code so that its flaws, from “accidental defects as well as supply-chain attacks,” cannot compromise the rest of the browser.
The improved protection mechanism, dubbed “RLBox” and developed in collaboration with researchers at the University of California, San Diego, and the University of Texas, is intended to harden the web browser against potential flaws in off-the-shelf libraries used to render audio, video, fonts, images, and other content.
To that end, Mozilla is incorporating “fine-grained sandboxing” into five modules: the Graphite font rendering engine, the Hunspell spell checker, the Ogg multimedia container format, the Expat XML parser, and the Woff2 web font compression format.
To isolate potentially unsafe code, the framework employs WebAssembly, an open standard that defines a portable binary-code format for executable programmes that can be run on modern web browsers. A prototype version of the framework was distributed to Mac and Linux users in February 2020.
To prevent malicious sites from exploiting a browser vulnerability to compromise the underlying operating system, all major browsers are designed to run web content in their own sandboxed environment. Firefox also includes Site Isolation, which loads each website in its own process and prevents arbitrary code hosted on a rogue website from accessing confidential information stored in other sites.
According to Mozilla, the problem with these approaches is that attacks frequently chain two or more flaws together: one to breach the sandboxed process containing the suspicious site, and another to break out of the isolation barriers, effectively undermining the security measures put in place.
“Retrofitting isolation can be labor-intensive, prone to security bugs, and requires critical attention to performance,” the researchers wrote in the paper that inspired the feature. RLBox “reduces the burden of converting Firefox to use untrusted code securely and efficiently.”
RLBox aims to improve browser security by sandboxing third-party C/C++-language libraries that are vulnerable to attacks and preventing them from interfering with other browser processes. To put it another way, the goal is to isolate the libraries in lightweight sandboxes so that threat actors cannot exploit vulnerabilities in these subcomponents to negatively impact the rest of the browser.
“Instead of hoisting the code into a separate process, we compile it into WebAssembly and then compile that WebAssembly into native code,” Mozilla’s principal engineer Bobby Holley explained. “The transformation imposes two key constraints on the target code: it can’t jump to unexpected parts of the rest of the programme, and it can’t access memory outside of a specified region,” according to the researchers, who add that “even a zero-day vulnerability in any of these libraries should pose no threat to Firefox.”
Mozilla stated that cross-platform sandboxing for Graphite, Hunspell, and Ogg is now available in Firefox 95 for both desktop and mobile versions of the browser, with Expat and Woff2 expected to support the feature in Firefox 96.