Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Firefox Privacy IT Technology

Firefox 95 Will Include RLBox Sandboxing for Added Security (neowin.net) 35

Mozilla has announced through its Mozilla Hacks blog that it plans to ship a 'novel sandboxing technology' called RLBox with Firefox 95 which it has been developing alongside researchers from the University of California San Diego and the University of Texas. From a report: It said RLBox makes it easier to isolate subcomponents of the browser efficiently and gives Mozilla more options than traditional sandboxing granted it. Mozilla said this new method of sandboxing, which uses WebAssembly to isolate potentially-buggy code, builds on a prototype that was shipped in Firefox 74 and Firefox 75 to Linux and Mac users respectively. With Firefox 95, RLBox will be deployed on all supported Firefox platforms including desktop and mobile to isolate three different modules: Graphite, Hunspell, and Ogg. With Firefox 96, two more modules, Expat and Woff2, will also be isolated.
This discussion has been archived. No new comments can be posted.

Firefox 95 Will Include RLBox Sandboxing for Added Security

Comments Filter:
  • It's themed to look like a version of Windows.

    I kid. Anyway this sounds like a good idea given the threat level on the modern web. I'm sure the usual crowd of people irrationally against Firefox will tell us why they switched to a browser that does all the things they hate even more though.

    • by AmiMoJo ( 196126 )

      I just wish they would fix the Android version. I want to switch but the Android version is holding me back.

    • The American right despises California is because it proves that most of their beliefs and assumptions are wrong.

      Like how a having human feces all over city sidewalks is a bad thing! Crazy Republicans!

    • I don't want to know about some silly sandpit thing, tell me what they're going to do in the UI refresh! It must be five or six weeks since it was last changed, what's happening here?
  • Great news! (Score:1, Funny)

    by Anonymous Coward

    I'm sure all two remaining users will be very happy.

    • I am, thanks!
    • me too, you found all of us.

    • by phfpht ( 654492 )
      Sigh. Being the third wheel sucks.
    • I am moving to Brave.
      Some bug in Firefox infuriates me, sometimes I can't see pictures and photos on the BBC Website.
      Sure, found out, you need to press 'CTRL+F5' a few times, to somehow fix that. But doing that regularly pisses me off.

      Been a long time, but eventually had enough. Need to get comfy with Brave as my next default browser. Maybe when Slackware 15 comes out. So I can re-arrange things properly.

  • I wish I had the original FF I had on my old laptop. Every time I turn it on and start FF it updates and runs shittier.
  • by williamyf ( 227051 ) on Monday December 06, 2021 @11:52AM (#62052229)

    You guys in the release channel please Gamma test it for us in ESR, so in a year's time, we can adopt it with confidence.

    thanks in advance.

    • You guys in the release channel please Gamma test it for us in ESR

      Personally I'd be happier if it was Omicron tested a bit longer.

  • Since the link article really doesn't explain much, am I to assume this is another update that will break plugins again?
  • by Gravis Zero ( 934156 ) on Monday December 06, 2021 @12:17PM (#62052343)

    I clicked through until I got to the actual announcement page [mozilla.org] to get the answer.

    What:

    a ‘novel sandboxing technology’ called RLBox with Firefox 95 which it has been developing alongside researchers from the University of California San Diego and the University of Texas. It said RLBox makes it easier to isolate subcomponents of the browser efficiently and gives Mozilla more options than traditional sandboxing granted it.
    [...]
    isolating five different modules: Graphite, Hunspell, Ogg, Expat and Woff2

    How:

    Rather than hoisting the code into a separate process, we instead compile it into WebAssembly and then compile that WebAssembly into native code. This doesn’t result in us shipping any .wasm files in Firefox, since the WebAssembly step is only an intermediate representation in our build process.

    Why:

    However, the transformation places two key restrictions on the target code: it can’t jump to unexpected parts of the rest of the program, and it can’t access memory outside of a specified region. Together, these restrictions make it safe to share an address space (including the stack) between trusted and untrusted code, allowing us to run them in the same process largely as we were doing before. This, in turn, makes it easy to apply without major refactoring: the programmer only needs to sanitize any values that come from the sandbox (since they could be maliciously-crafted), a task which RLBox makes easy with a tainting layer.

    • How:

      Rather than hoisting the code into a separate process, we instead compile it into WebAssembly and then compile that WebAssembly into native code. This doesn’t result in us shipping any .wasm files in Firefox, since the WebAssembly step is only an intermediate representation in our build process.

      I (and probably many others) have WebAssembly disabled in FF, so I wonder how this is suppose to work under that condition?

      • It's already compiled back into native code and compiled to machine code. No webassembly code is deployed with Firefox.

        • It's already compiled back into native code and compiled to machine code. No webassembly code is deployed with Firefox.

          Thanks for confirming that. After posting I actually read TFA and got the impression as you described. Nice to know someone else had the same.

          • This sounds like how the kiddies used to create "pirated" files.

            First you zip up the set of diskettes (or CD's or DVD's)
            Then you chop into 1.2 MB chunks so they will fit on diskette
            Then you write each chunk to a floppy disk (1.2 MB) image
            Then you use some different compressor to turn all the 1.2 MB chunks into a single archive
            Then you chop the archive into a bunch of pieces each the size of a diskette

            So this RLBox was written in some source language, compiled to wasm, then the wasm is compiled to native co

            • So this RLBox was written in some source language, compiled to wasm, then the wasm is compiled to native code. Sounds like a really stupid and asinine procedure, if you ask me.

              Without having much WebAssembly knowledge, my guess would be that it has some desired restrictions/limitations (eg: wrt sandboxing) and the intermediate wasm compilation step is to impose them on the (arbitrary) code w/o having to explicitly implement them in that code -- or re-write that code to comply.

            • So this RLBox was written in some source language, compiled to wasm, then the wasm is compiled to native code. Sounhds like a really stupid and assinine procedure, if you ask me.

              Actually, it gets compiled from wasm to C then to native code but yeah, it's an obfuscated system.

              They are just a bunch of idiots who believe in complication and obfuscation and ignore the KISS principle because, well, they are addle mo'fo's

              Actually, it's a proven to work method that does what they desire. Correct functionality should always be the primary goal and then you can optimize the process. I'm sure it's piqued the interest of compiler writers, some of whom are going investigate and distill the transformation to it's most basic components. The result is likely we'll end up with a compiler flag that ensures code isolation without an int

    • > places two key restrictions on the target code: it can’t jump to unexpected parts of the rest of the program, and it can’t access memory outside of a specified region.

      That second part sounds like in-process memory segmentation (granted, a lot more granular).
      I'm sure there is an OS-level technique for the first too.

      Did we just undo 30 years of OS development by pushing everything back into a browser with a single process execution style?

      • Did we just undo 30 years of OS development by pushing everything back into a browser with a single process execution style?

        It's highly doubtful. They haven't reported what the performance impact which suggests it's minimal but I'm sure someone will do benchmarks to show the difference.

  • Firefox Basic (Score:5, Insightful)

    by mrwireless ( 1056688 ) on Monday December 06, 2021 @01:09PM (#62052633)

    I really wish there was a browser that removed support for all the needlessy complicated tech that mostly helps malicious actors fingerprint your browser.

    I would love a version of Firefox that:
    - Only makes a minimal set of system fonts available
    - Locks down canvas use for fingerprinting
    - Strips out features like web-bluetooth, web-usb
    - Strips out NaCl
    - Doesn't allow websites to scan which desktop apps are installed
    - Doesn't reveal which browsers I have installed in the User Agent string (why oh why??)
    - Disables referer support

    Basically, if it's in fingerprinting tests such as the one linked below, think about removing it or standardising it to just a few options so that fingerprinting is harder.
    https://www.amiunique.org/ [amiunique.org]

    A browser like this would probably be enough for 99% of users. On top of that it would run faster and have a way smaller attack and fingerprinting surface.

    Want to protect the web? Protect the user.

    • - Only makes a minimal set of system fonts available
      - Locks down canvas use for fingerprinting

      They're working on this. https://support.mozilla.org/en... [mozilla.org]

      - Strips out features like web-bluetooth, web-usb

      Firefox doesn't support either of those, and they say they don't plan to. See their position statements at https://mozilla.github.io/stan... [github.io].

      - Strips out NaCl

      Firefox has never supported NaCl, and they say they don't plan to.

  • ...untested?

  • Many of the current HTML 5 sites are no better than the old frames websites. Layer after layer of floating crap. Windows that almost move with the document. The W3C are idiots.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...