Mozilla Firefox 95 update roll out with a new sandboxing technology called RLBox that is to enhance the browser’s protection against malicious code. As Mozilla says the new technology makes it easy and efficient to isolate potentially buggy code to make the browser secure so much so that even zero-day vulnerabilities in some cases are claim to pose no threat to users on Firefox.
Mozilla has update its bug bounty programme to pay researchers for bypassing the sandbox.
What is Sandboxing Technology?
Sandboxing is a practice that is use to keep potentially malicious code isolate from the rest of the organisation’s environment.
As per a blog post, the RLBox sandboxing technique uses WebAssembly to isolate five modules of the Firefox browser.
WebAssembly technology enables high-resource apps like games, video, and image editors to run in a browser at speed on par with a local computer.
Mozilla Firefox Said :
“Going forward, we can treat these modules as untrusted code, and even a zero-day vulnerability in any of them should pose no threat to Firefox,”.
This technology, which has been develop in collaboration with researchers at the University of California San Diego and the University of Texas, is now being release for all supported Firefox platforms (desktop and mobile).
In order to understand how RLBox sandboxing works, we must first understand the nature of threats that are being pose online.
Just like all major Web browsers that run content in their own sandbox process to plug vulnerabilities, Firefox also isolates each site in its own process for protection.
Mozilla says threat actors attack users by chaining together two vulnerabilities, “one to compromise the sandbox process containing the malicious site and another to escape the sandbox”.
To tackle this scare, multi-layer protection is needed.
RLBox sandboxing technology compiles the code into WebAssembly instead of hoisting it into a separate process.
It then compiles that WebAssembly into native code allowing Firefox to run trusted and untrust code in the same process.
Mozilla says RLBox helps in sanitising any values that come from the sandbox, resulting in enhance protection from malicious code.
THANK YOU FOR READING.
