Mozilla Firefox’s new security feature is designed in such a way that it protects itself from buggy code. With Firefox 95 coming soon, users are expected to anticipate the launch of the RLBox sandboxing tech.
Mozilla Firefox’s New Security Feature Protects Itself from Buggy Code
The latest version of Mozilla’s browser, Firefox 95 will start rolling out today and it introduces its latest security feature. the company announced that the new security feature is designed to limit or cancel out the damage that bugs and other security vulnerabilities in its code can cause.
The feature is called the RLBox and it was developed with help from researchers at the University of Texas and the University of San Diego. The feature however was previously released last year as a prototype and it will be available to both desktop and mobile versions of Firefox.
What is The RLBox Technology?
The RLBox tech is a sandboxing technology at its core. This means that it can effectively isolate codes so that any security vulnerabilities it may contain can harm the system overall. Sandboxing technology is a security method that is widely used across the industry. Web browsers also have started running web content in sandboxed processes in order to try to stop buggy and malicious sites from compromising browsers all over.
Mozilla Firefox Hopes Other Web Browsers Adopt the Initiative of the Technology
The RLBox tech differs from the main traditional approach. The technology however does not have the same costs to performance and memory usage. With this in place, it is possible to sandbox critical browser subcomponents just like the spell checker and in the process effectively allowing it to treat them as untrusted code and also still running in the same process. The tech places limits on how a code can run or which memory it can access.
The company as of today’s stipulate release is isolating five modules which are the Graphite font rendering engine, the Hunspell checker, Expat XML parser, woff2 web font compression format, and the Ogg multimedia container format.
Mozilla’s Take on the Technology and How It Could Help Other Browsers and Programs
Mozilla adds that this simply means that if bugs or other vulnerabilities are discovered in any one of these subcomponents, the Firefox team will no need to scramble all over the place in trying to stop them from compromising the entire browser. In an official statement, the company says, “even a zero-day vulnerability in any of them should pose no threat to Firefox.”
The company admits that it’s not an all-around solution provider and also that the approach will not work everywhere, and examples are particularly browser components that are performance sensitive.
The developer however says that it hopes to see other platforms and browsers take on the implementation of the technology. The developer also added that it intends to use it with more of Firefox’s components in the future.
The company (Mozilla) has updated its bug bounty program and will start paying researchers if they are able to bypass the new sandboxes