Mozilla has announced on its Mozilla Hacks blog that Firefox 95 will ship with a ‘novel sandboxing technology’ called RLBox, which it has been developing alongside researchers from the University of California San Diego and the University of Texas. It said RLBox makes it easier to isolate subcomponents of the browser efficiently and gives Mozilla more options than traditional sandboxing did.
Mozilla said this new method of sandboxing, which uses WebAssembly to isolate potentially buggy code, builds on a prototype that was shipped in Firefox 74 and Firefox 75 to Linux and Mac users respectively. With Firefox 95, RLBox will be deployed on all supported Firefox platforms, including desktop and mobile, to isolate three different modules: Graphite, Hunspell, and Ogg. With Firefox 96, two more modules, Expat and Woff2, will also be isolated.
Commenting on the next steps for RLBox, Mozilla engineer Bobby Holley said:
“RLBox is a big win for us on several fronts: it protects our users from accidental defects as well as supply-chain attacks, and it reduces the need for us to scramble when such issues are disclosed upstream. As such, we intend to continue applying to more components going forward. Some components are not a good fit for this approach — either because they depend too much on sharing memory with the rest of the program, or because they’re too performance-sensitive to accept the modest overhead incurred — but we’ve identified a number of other good candidates.”
The company has also updated its bug bounty program so that researchers are paid for bypassing the sandbox even if there are no vulnerabilities in the isolated library; this will help tighten up the browser’s security further. If you’d like to learn more about the technical aspects of RLBox, be sure to check out the Mozilla Hacks post.