Firefox for Mac and Linux To Get a New Security Sandbox System (zdnet.com) 40
Mozilla will add a new security sandbox system to Firefox on Linux and Firefox on Mac. The new technology, named RLBox, works by separating third-party libraries from an app's native code. From a report: This process is called "sandboxing," and is a widely used technique that can prevent malicious code from escaping from within an app and executing at the OS level. RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app's internal components -- namely its third-party libraries -- from the app's core engine. This technique prevents bugs and exploits found inside a third-party library from impacting another project that uses the same library.
mess (Score:2)
I've tried to set up the Mac sandbox for Firefox and it's a huge mess to do... A big problem is that the browser needs tons of access to function normally already. Think about it: a browser saves and opens files from most everywhere the user does and needs full network access. Since newer FF downloads only to 1 location and doesn't allow you to choose where to save, the write permissions could be limited... except add-ons that change behavior can go outside the default permissions.
Re: (Score:2)
" Since newer FF downloads only to 1 location and doesn't allow you to choose where to save" errrmmm....I'm running FF 72.0.2 and I think is "newer" and it still presents me with a place to download. I have my preferences set to Always Ask to Save Files. And above that is a radio button for where to automatically save were I to want that.
Re: (Score:2)
with global permissions equivalent to the running user's maximum access.
And what exactly is that supposed to mean?
Re:Does Firefox on Mac and Linux use OS sandbox no (Score:5, Informative)
webLOL! webNo! -- Signed, WhatWG (Score:2)
This is the WhatWG we are talking about. Its mission is to web* ALL the things.
I mean what about Web...SOCKETS doesn't make that obvious? :)
Unfortunately, I'm already one step ahead: ... on Windows 2000 ... in Firefox.
https://bellard.org/jslinux/vm... [bellard.org]
Yeah. IE
Sandboxes (Score:2)
Re: (Score:2)
You've got sandboxes covered. I'll bring a bucket of water and some toy trucks. Vrooom! Beep beep beep.... :)
Re: (Score:2)
Why doesn't Firefox sandbox its memory usage, so all the leaks are confined to the sandbox and you don't suddenly notice that 15.9GB on your 16GB machine is allocated to Firefox?
While we're at it, sandboxing video playback so you can't bluescreen your machine by watching Youtube videos would be good too. This isn't machine-specific, it's endemic to Firefox, do a Google search.
You forgot your IME sandbox. :) (Score:2)
Yeah, it essentially sandboxes the OS so it doesn't have access to the IME's stuff.
xkcd said it all (Score:4, Insightful)
Re: (Score:2)
"performant" Okay, who let the pointy haired dweeb in here?
Re: (Score:2)
We will be stuck in this cycle of stupidity until hardware offers fine-grained isolation mechanisms, which are both secure and performant.
Depending on how much performance you need, we have this already with virtualisation. Amazon is betting their reputation on the secure isolation between EC2 instances. They communicate over high-speed network. Fast, by network standards, but certainly slower than a function-call.
If browsers weren't needlessly complex (Score:2)
..and in effect a mini OS running in a real OS, then none of this nonsense would be required. Browsers should bin javascript and any other Turing complete programming subsystems and go back to being dumb presentation clients with the heavy lifting going on server side.
That doesn't make sense in a world (Score:1)
Re:That doesn't make sense in a world (Score:5, Insightful)
I believe you are pleading facts not in evidence. I have never seen nor heard of anyone wanting websites to operate as you describe *except* the so-called "web designer" crowd and their next-relatives "graphic designers". The former should be taken out behind the barn and beaten to death with baseball bats, and the latter confined to printed media (as in on paper).
These two groups are, by themselves, completely and entirely responsible for everything that is wrong with the web.
Re: (Score:2)
These two groups are, by themselves, completely and entirely responsible for everything that is wrong with the web.
Hold up now. Let's not forget to give some credit to the W3C for the banged up job they've been doing for targeting "apps" as the thing to compete with.
You haven't done much work with users then (Score:2)
Terminals did partial updates ages ago! (Score:2)
There still are ANSI escape sequences to move the cursor to output the next characters at a specific location.
Essentially, VNC is doing that exact thing graphically.
So yeah, basically, at this point we could just jump to the NX protocol with added H.265 compression and such for streaming 3D games, movies etc.
Hell, anyone tried building an input server that can be combined with YouTube live streams to get a full remote PC experience when full-screen? :D
Fuck, I will code it this weekend! Woohoo! Suck on that,
Re: (Score:3)
Indeed. This whole thing is very, very stupid. The worst I have seen is pushing 1.5MB of JS to the client to render a table that would have rendered entirely fine in plain HTML 2.0.
Re: (Score:1)
Browsers should bin javascript
There are a whole lot of web functions that rely on AJAX to perform "as you type" data lookups and asynchronous updates. Javascript makes this possible. How do you think Slashdot's mod system works? It doesn't do an HTTP POST to record your mod. It uses AJAX to update the database leaving your browser page exactly where it was so you can continue reading posts.
Just install any Javascript blocker in your browser and you should be a happy camper.
Re: (Score:2)
Do you actually web? You know that AJAX requests can use any of the HTTP verbs. Right? Like DELETE, PUT, PATCH, POST, GET...
Yes, they do make POSTs, you moron. They just don't do it where you can see it.
TL; DR: AJAX and POST aren't mutually exclusive. To say AJAX doesn't make a POST is like saying rain isn't water because oceans are water.
Also, you're a moron.
Re: (Score:2)
Even without scripting, a web browser uses many different libraries for supporting a large number of image, font, audio and video formats. Buffer overflows in those could compromise the browser.
Re: (Score:3)
I don't think nuking JS is a viable option, but I'd be interested in seeing if it's possible to make a browser that takes a minimalist approach to JS a
Idiotic ... (Score:2)
Define "app".
Define "third party library"
I already have JavaScript and WebAssembly disabled. That completely prevents malicious code execution on my computer. I have no need of a "Sandbox" for the cat to piss in.
Yeah... you aren't. (Score:2)
HTML5 itself is already Turing complete. Its interpreter is as complex, if not more so, than that of JS, let alone WebAssembly (which is currently useless without JS relaying).
Also, since most of the web doesn't even work anymore without JS, you are disabling it all the time. Especially on sites that crackers would target.
Can it import and export passwords again? (Score:2)
If not, why would I want this?
It's likely a SQLite database. (Score:2)
An SQL statement, plus some application of a decryption function, should get you there.
And never back. :)
Oh come on, just call it an OS and VM already! (Score:3)
It's not a document browser in any way shape or form anymore!
Just a shitty OS tied tightly to a shitty VM that would be better if it were a full VM and a full OS, as we could at least replace them independently.