Firefox 95 enhances the browser's protection against malicious code

HarborFront

Level 61
Thread author
Verified
Top poster
Content Creator
Oct 9, 2016
5,063
Mozilla is introducing a new security feature it claims will make Firefox the most secure browser available to consumers. Dubbed RLBox and available through today's Firefox 95 update, it’s a new sandboxing tool the company developed in collaboration with the University of California San Diego and the University of Texas.

All modern browsers use sandboxing to protect users against malicious code. The problem is that many of the most advanced exploits chain together two vulnerabilities to bypass those protections. With RLBox, Firefox will compile a process into WebAssembly and then convert it into native code. According to Mozilla, this approach presents two significant advantages. It prevents code from jumping between different parts of a program and limits access to specific areas of your system’s memory.

With today’s release, Mozilla will use RLBox to isolate five components of Firefox, including the browser’s Graphite font rendering engine and Ogg multimedia module. If the system works as expected, the company says “even a zero-day vulnerability in any of [the five components] should pose no threat to Firefox.”

Mozilla is quick to note it won’t be able to use RLBox to protect every component of Firefox. For instance, it’s not suitable for modules that depend on sharing memory with the rest of the program to function. However, the company is hopeful that other developers will use the technology to make their software safer. In the meantime, RLBox is now rolling out to all desktop and mobile versions of Firefox.


More about RLBox here


 

silversurfer

Level 83
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,280
From the official blog post, why Mozilla implemented this sandboxing technology called RLBox:

The Limits of Process Sandboxing

All major browsers run Web content in its own sandboxed process, in theory preventing it from exploiting a browser vulnerability to compromise your computer. On desktop operating systems, Firefox also isolates each site in its own process in order to protect sites from each other.

Unfortunately, threat actors routinely attack users by chaining together two vulnerabilities — one to compromise the sandboxed process containing the malicious site, and another to escape the sandbox [2]. To keep our users secure against the most well-funded adversaries, we need multiple layers of protection.

Having already isolated things along trust boundaries, the next logical step is to isolate across functional boundaries. Historically, this has meant hoisting a subcomponent into its own process. For example, Firefox runs audio and video codecs in a dedicated, locked-down process with a limited interface to the rest of the system. However, there are some serious limitations to this approach. First, it requires decoupling the code and making it asynchronous, which is usually time-consuming and may impose a performance cost. Second, processes have a fixed memory overhead, and adding more of them increases the memory footprint of the application.

For all of these reasons, nobody would seriously consider hoisting something like the XML parser into its own process. To isolate at that level of granularity, we need a different approach.

Isolating with RLBox

This is where RLBox comes in. Rather than hoisting the code into a separate process, we instead compile it into WebAssembly and then compile that WebAssembly into native code. This doesn’t result in us shipping any .wasm files in Firefox, since the WebAssembly step is only an intermediate representation in our build process.

However, the transformation places two key restrictions on the target code: it can’t jump to unexpected parts of the rest of the program, and it can’t access memory outside of a specified region. Together, these restrictions make it safe to share an address space (including the stack) between trusted and untrusted code, allowing us to run them in the same process largely as we were doing before. This, in turn, makes it easy to apply without major refactoring: the programmer only needs to sanitize any values that come from the sandbox (since they could be maliciously-crafted), a task which RLBox makes easy with a tainting layer.

The first step in this transformation is straightforward: we use Clang to compile Firefox, and Clang knows how to emit WebAssembly, so we simply need to switch the output format for the given module from native code to wasm. For the second step, our prototype implementation used Cranelift. Cranelift is excellent, but a second native code generator added complexity — and we realized that it would be simpler to just map the WebAssembly back into something that our existing build system could ingest.

We accomplished this with wasm2c, which performs a straightforward translation of WebAssembly into equivalent C code, which we can then feed back into Clang along with the rest of the Firefox source code. This approach is very simple, and automatically enables a number of important features that we support for regular Firefox code: profile-guided optimization, inlining across sandbox boundaries, crash reporting, debugger support, source-code indexing, and likely other things that we have yet to appreciate.
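
The blog excerpt above says host code "only needs to sanitize any values that come from the sandbox", helped by a tainting layer. The following is an added illustration of that idea, not part of the post and not Mozilla's or RLBox's code: `Tainted`, `unwrap_if`, `SandboxMemory`, `sandboxed_decode` and `host_read` are hypothetical names in a simplified model, and the decoder output is constructed sample data.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Simplified model of a tainted value (not the RLBox API): no conversion to
// T exists, so host code must supply a validator to get the value out.
template <typename T>
class Tainted {
    T v_;
public:
    explicit Tainted(T v) : v_(v) {}
    template <typename F>
    bool unwrap_if(F valid, T& out) const {
        if (!valid(v_)) return false;
        out = v_;
        return true;
    }
};

// Model of the sandbox's memory region: sandbox "pointers" are offsets into
// this buffer, never host addresses.
struct SandboxMemory {
    std::vector<uint8_t> bytes;
    explicit SandboxMemory(size_t size) : bytes(size) {}
    bool in_bounds(uint32_t off, uint32_t len) const {
        return off <= bytes.size() && len <= bytes.size() - off;
    }
};

struct DecodeResult { Tainted<uint32_t> offset, length; };

// Stand-in for a sandboxed decoder (needs a region of at least 21 bytes);
// `compromised` simulates one that reports an attacker-chosen length.
DecodeResult sandboxed_decode(SandboxMemory& m, bool compromised) {
    std::memcpy(&m.bytes[16], "glyph", 5);
    return DecodeResult{Tainted<uint32_t>(16),
                        Tainted<uint32_t>(compromised ? 0xFFFFFFF0u : 5u)};
}

// Trusted host code: validate both tainted values before touching memory.
bool host_read(const SandboxMemory& m, const DecodeResult& r,
               uint32_t max_len, std::vector<uint8_t>& dst) {
    uint32_t len = 0, off = 0;
    if (!r.length.unwrap_if([&](uint32_t l) { return l <= max_len; }, len)) return false;
    if (!r.offset.unwrap_if([&](uint32_t o) { return m.in_bounds(o, len); }, off)) return false;
    dst.assign(m.bytes.begin() + off, m.bytes.begin() + off + len);
    return true;
}
```

Because `Tainted` exposes no accessor other than `unwrap_if`, host code that forgets the check fails to compile instead of reading an unchecked length at run time.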
 

silversurfer

Seems there's not much hype around it yet, but it sounds like a big upgrade?
It's probably very difficult to be sure how effective "this new tech" is, even at the current stage of development.

Mozilla published this blog post last year: "Securing Firefox with WebAssembly"
 

silversurfer


Mozilla Firefox 95.0 release: here is what is new

Executive Summary

  • Firefox is available on the Microsoft Store officially now.
  • The new release reduces CPU usage and power usage on Mac OS X in some use cases.
  • Site Isolation is enabled for all users.

Security updates / fixes

Security updates are revealed after the official release of the web browser. You find the information published here after release.
 

n8chavez

Level 8
Well-known
Feb 26, 2021
394
Has anyone else experienced a blinding bright white screen while a site loads since upgrading to FF 95? This happens even before any CSS and Stylus tweaks can load, while the site itself loads. This never happened on 94.
 

South Park

Level 8
Verified
Jun 23, 2018
395
After updating to 95.0, for the first time I can recall with Firefox, I noticed a process running as Untrusted instead of merely Low (y)

 

HarborFront

> Has anyone else experienced a blinding bright white screen while a site loads since upgrading to FF 95? This happens even before any CSS and Stylus tweaks can load, while the site itself loads. This never happened on 94.
I'm not experiencing it. Can you link the website(s) you went to? BTW, I'm using Dark Reader
 

South Park

FWIW, I'm using FF portable 64-bit on Windows 10. Mine passes the Cloudflare check. I haven't observed any strange white screens. The untrusted process is listed for me only in Process Explorer, not Task Manager.
 

wat0114

Level 6
Verified
Well-known
Apr 5, 2021
265
> After updating to 95.0, for the first time I can recall with Firefox, I noticed a process running as Untrusted instead of merely Low (y)

I had an untrusted process on previous 94.x.x version...

 

HarborFront

> FWIW, I'm using FF portable 64-bit on Windows 10. Mine passes the Cloudflare check. I haven't observed any strange white screens. The untrusted process is listed for me only in Process Explorer, not Task Manager.
Not seeing in the Process Explorer


HarborFront

Run the test on the Cloudflare site
I think you need to set up Secure DNS and Encrypted SNI in FF before you can pass all the 4 tests. Read below


But I don't use secure DNS because I'm using VPN
 

Sammo

Level 4
Verified
Well-known
Jan 27, 2012
167
> I think you need to set up Secure DNS and Encrypted SNI in FF before you can pass all the 4 tests. Read below
>
> But I don't use secure DNS because I'm using VPN

I already set these up. Still didn't pass. Using a VPN works fine. 😀
 