Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Firefox
So, Firefox 95...is it any better?
Message
<blockquote data-quote="ForgottenSeer 92963" data-source="post: 968419"><p>The big security sacrifice made to C (the basis for machine code) and C++ (the object oriented successor of C) for performance is that C does not imposes memory boundary checks (on compiled code). So it is possible to write in program A to a place in memory which is used by program B and change the flow of events in program B. Many security vulnerabilities are the result of successful (meaning repeatable and predictable) misuse of memory boundary exceptions.</p><p></p><p>The sandboxing accomplished by RLBox using webassembly prevents third-party code to jump to unexpected places in the parts of memory assigned to that third-party library itself and prevents to address memory outside that third-party library. When I read this I thought what a smart move of Firefox to address the source of the C/C++ security weakness and wondered what the status was of that other project (Oxidation) which aimed to replace C/C++ with Rust. Rust was developed by Mozilla and "in laymans terms" has all the benefits of C++ without the security weaknes or in other words Rust is a fast and powerful program language which protects memory boundaries.</p><p></p><p>So I looked to the status and happily noticed that the lines of Rust code had nearly doubled since it introduction in end of 2018. Then I noticed that there was no data beyond July 2020 and remembered Mozilla fired about a quarter of its workforce in July/August 2020.</p><p></p><p><span style="font-size: 18px">Question to MT-members following the developments of Firefox more closely: is the oxidation project dead (because people working on C++ to Rust migration were fired in 2020)?</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Edit: found the answer (<a href="https://en.wikipedia.org/wiki/Servo_(software)#:~:text=After%20Mozilla%20laid%20off%20all,has%20merely%20been%20maintenance%20activity." target="_blank">link</a>) YES, the project to replace Gecko (C++) with Servo (Rust) rendering engine was also killed in 2020.</span></p><p></p><p></p><p></p><p>I really find this disturbing to find out. Mozilla management started Firefox OS in 2013 and Servo in 2017 (when my memory serves right). Both money and resources consuming projects are killed. When a company has less resources and less income than the market leader, that runner up can only win from the market leader by out smarting the leader. Sadly Mozilla management seems to be dumber than the competition. I am a happy user of Firefox on Android and hope this are not the signs of a company in dissolution.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 92963, post: 968419"] The big security sacrifice made to C (the basis for machine code) and C++ (the object oriented successor of C) for performance is that C does not imposes memory boundary checks (on compiled code). So it is possible to write in program A to a place in memory which is used by program B and change the flow of events in program B. Many security vulnerabilities are the result of successful (meaning repeatable and predictable) misuse of memory boundary exceptions. The sandboxing accomplished by RLBox using webassembly prevents third-party code to jump to unexpected places in the parts of memory assigned to that third-party library itself and prevents to address memory outside that third-party library. When I read this I thought what a smart move of Firefox to address the source of the C/C++ security weakness and wondered what the status was of that other project (Oxidation) which aimed to replace C/C++ with Rust. Rust was developed by Mozilla and "in laymans terms" has all the benefits of C++ without the security weaknes or in other words Rust is a fast and powerful program language which protects memory boundaries. So I looked to the status and happily noticed that the lines of Rust code had nearly doubled since it introduction in end of 2018. Then I noticed that there was no data beyond July 2020 and remembered Mozilla fired about a quarter of its workforce in July/August 2020. [SIZE=5]Question to MT-members following the developments of Firefox more closely: is the oxidation project dead (because people working on C++ to Rust migration were fired in 2020)? Edit: found the answer ([URL='https://en.wikipedia.org/wiki/Servo_(software)#:~:text=After%20Mozilla%20laid%20off%20all,has%20merely%20been%20maintenance%20activity.']link[/URL]) YES, the project to replace Gecko (C++) with Servo (Rust) rendering engine was also killed in 2020.[/SIZE] I really find this disturbing to find out. Mozilla management started Firefox OS in 2013 and Servo in 2017 (when my memory serves right). Both money and resources consuming projects are killed. When a company has less resources and less income than the market leader, that runner up can only win from the market leader by out smarting the leader. Sadly Mozilla management seems to be dumber than the competition. I am a happy user of Firefox on Android and hope this are not the signs of a company in dissolution. [/QUOTE]
Insert quotes…
Verification
Post reply
Top