All modern browsers use sandboxing to protect users against
malicious code. The problem is that many of the most advanced exploits chain
together two vulnerabilities to bypass those protections. With RLBox, Firefox
will compile a process into WebAssembly and then convert it into native code.
According to Mozilla, this approach presents two significant advantages. It
prevents code from jumping between different parts of a program and limits
access to specific areas of your system’s memory.

With today’s release, Mozilla will use RLBox to isolate five
components of Firefox, including the browser’s Graphite font rendering engine
and Ogg multimedia module. If the system works as expected, the company says
“even a zero-day vulnerability in any of [the five components] should pose no
threat to Firefox.”

Mozilla is quick to note it won’t be able to use RLBox to
protect every component of Firefox. For instance, it’s not suitable for modules
that depend on sharing memory with the rest of the program to function.

However, the company is hopeful that other developers will
use the technology to make their software safer. In the meantime, RLBox is now
rolling out to all desktop and mobile versions of Firefox.
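
The two properties Mozilla describes, restricted jumps and restricted memory access, can be sketched as a toy model in C. This is an added illustration, not RLBox or Firefox code; every name in it (`sandbox_t`, `sb_store32`, `sb_call`, `buggy_write`, `struct host`) is hypothetical, and it uses explicit checks where a real WebAssembly toolchain may enforce the same limits differently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (an assumption for illustration, not RLBox's implementation):
 * the sandboxed component gets a function table and one linear memory,
 * as a WebAssembly module does. All names here are hypothetical. */
#define SB_MEM_SIZE   65536u  /* one 64 KiB Wasm page */
#define SB_TABLE_SIZE 2u

typedef struct sandbox sandbox_t;
typedef int (*sb_func)(sandbox_t *, uint32_t);
struct sandbox { sb_func table[SB_TABLE_SIZE]; uint8_t mem[SB_MEM_SIZE]; };
struct host    { sandbox_t sb; uint32_t host_secret; }; /* placed after sb.mem */

/* Memory confinement: addresses are offsets into mem, checked together
 * with the access width. Returns 0 on success, -1 on a trap. */
int sb_store32(sandbox_t *sb, uint32_t off, uint32_t val) {
    if (off > SB_MEM_SIZE - sizeof val) return -1;
    memcpy(&sb->mem[off], &val, sizeof val);
    return 0;
}

/* Control-flow confinement: calls name a table slot, never a raw address. */
int sb_call(sandbox_t *sb, uint32_t idx, uint32_t arg, int *ret) {
    if (idx >= SB_TABLE_SIZE || sb->table[idx] == NULL) return -1;
    *ret = sb->table[idx](sb, arg);
    return 0;
}

/* Constructed "vulnerable" routine: writes at a caller-controlled offset. */
int buggy_write(sandbox_t *sb, uint32_t off) {
    return sb_store32(sb, off, 0x41414141u);
}

int main(void) {
    static struct host h;
    int ret = 0;
    h.host_secret = 0xC0FFEEu;
    h.sb.table[0] = buggy_write;
    sb_call(&h.sb, 0, 16, &ret);           /* in bounds: ret == 0 */
    printf("in-bounds write: %d\n", ret);
    sb_call(&h.sb, 0, SB_MEM_SIZE, &ret);  /* out of bounds: ret == -1 */
    printf("out-of-bounds write: %d, secret intact: %d\n", ret,
           h.host_secret == 0xC0FFEEu);
    printf("call to slot 7: %d\n", sb_call(&h.sb, 7, 0, &ret));
    return 0;
}
```

The bug in `buggy_write` is still there, but the write past the end of the sandbox memory traps instead of reaching `host_secret`, which is the containment the quoted zero-day claim relies on.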