The new Firefox 95 might be the most secure web browser on the market - TechRepublic

MatsuShimizu


From TechRepublic: This time around, the developers have released Firefox 95, which includes a new subsystem, called RLBox. RLBox is a new method of sandboxing, which makes it easy to efficiently isolate subcomponents and make Firefox more secure. RLBox uses WebAssembly to isolate possibly buggy code.

How RLBox works is complicated, but it breaks down by first compiling a process into WebAssembly, and then the converted process is re-converted into native code. What this does is prevent code from moving between different portions of a program and limits access to only specific areas of system memory.

As of Firefox 95, RLBox will isolate five components:
- The Graphite rendering engine
- Ogg media module
- Hunspell spellchecker
- Expat XML parser
- Woff2 font compression

Mozilla also made it clear that it won't be able to use RLBox to protect every component of the browser. For example, RLBox isn't suitable for any module that depends on shared memory to function.

Why is RLBox Important?

thehackernews-firefox.png

Screenshot above is taken from The Hacker News. Credit to the author

All web browsers run content within their own sandbox processes. This is done to prevent code from exploiting vulnerabilities. The problem is that bad actors attack by chaining together vulnerabilities, one used to compromise a sandboxed process and another to escape the sandbox. In order to defend against this type of common attack, browsers must then require multiple layers of protection.

To do this, Firefox uses RLBox to place two key restrictions on target code:
- It isn't allowed to jump to unexpected parts of the program.
- It can't access memory outside of a specific region.

These two restrictions make it safe for Firefox to share an address space between trusted and untrusted code so they can run in the same process.

RLBox is a big step forward for Firefox security because it protects users from accidental defects and supply-chain attacks. As an added benefit, RLBox reduces the need for the developers to scramble and fix something when an issue is disclosed upstream.

As far as end-users, there's nothing to configure, enable or install. RLBox is ready to go with Firefox 95. So, if you're serious about web browser security, make sure to upgrade to the latest version of the open-source web browser immediately.

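The two restrictions listed in the post above (no jumps to unexpected code, no memory access outside one region), as an added example that is not part of the original post and is not RLBox's or Firefox's code: a simplified C model in which every store is a range-checked offset into a single buffer and every indirect call goes through a fixed table. All names (`sandbox`, `sbx_store8`, `buggy_fill`, `sbx_call_indirect`) and the 64 KiB region size are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SBX_MEM_SIZE   65536u  /* size of the sandbox's only memory region (assumed) */
#define SBX_TABLE_SIZE 1u      /* number of legal indirect-call targets */
typedef struct { uint8_t mem[SBX_MEM_SIZE]; int trapped; } sandbox;
typedef struct { sandbox sbx; uint8_t host_canary[16]; } process; /* host data next to it */
typedef int (*sbx_fn)(sandbox *, uint32_t, uint32_t);
/* Restriction 2: every store is an offset into mem and is range-checked. */
static int sbx_store8(sandbox *s, uint64_t off, uint8_t v) {
    if (off >= SBX_MEM_SIZE) { s->trapped = 1; return -1; }
    s->mem[off] = v;
    return 0;
}
/* Hypothetical buggy library routine: trusts an attacker-influenced length. */
static int buggy_fill(sandbox *s, uint32_t dst, uint32_t len) {
    for (uint32_t i = 0; i < len; i++)
        if (sbx_store8(s, (uint64_t)dst + i, 0x41) != 0) return -1;
    return 0;
}
/* Restriction 1: indirect calls index a fixed table, never a raw address. */
static const sbx_fn sbx_table[SBX_TABLE_SIZE] = { buggy_fill };
static int sbx_call_indirect(sandbox *s, uint32_t idx, uint32_t a, uint32_t b) {
    if (idx >= SBX_TABLE_SIZE) { s->trapped = 1; return -1; }
    return sbx_table[idx](s, a, b);
}

/* 1 if a 64-byte fill starting 8 bytes before the end stops at the boundary. */
static int demo_overflow_contained(void) {
    static process p;
    memset(&p, 0, sizeof p);
    memset(p.host_canary, 0x5a, sizeof p.host_canary);
    int rc = sbx_call_indirect(&p.sbx, 0, SBX_MEM_SIZE - 8, 64);
    for (size_t i = 0; i < sizeof p.host_canary; i++)
        if (p.host_canary[i] != 0x5a) return 0;
    return rc == -1 && p.sbx.trapped && p.sbx.mem[SBX_MEM_SIZE - 1] == 0x41;
}
/* 1 if a call through an index outside the table is refused. */
static int demo_bad_call_target(void) {
    static sandbox s;
    memset(&s, 0, sizeof s);
    return sbx_call_indirect(&s, 7, 0, 0) == -1 && s.trapped;
}

int main(void) {
    printf("overflow contained: %d\n", demo_overflow_contained());
    printf("bad call target refused: %d\n", demo_bad_call_target());
    return 0;
}
```

The bug in `buggy_fill` is still there; the model only shows that its effect is confined to the sandbox's own buffer, so data the component legitimately handles can still be corrupted.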


Works good and I like it and good to know that it "might be the most secure web browser on the market".

Does that mean I don't need to run Firefox 95 in Firejail sandbox?
 
Mozilla pulled their heads out of their butts and made a smart decision for once??? Does this mean they've actually been listening to their criticisms, and might FINALLY become a good company again???
 
Who knows or cares I don't and I've used other browsers that worked okay although none of them were as good as Firefox imo.

I've always used Firefox and never lost faith even when sometimes new updated versions of Firefox were sometimes full of glitches.

As long as Firefox is around I'll continue to use them guess for no other reason than just used to them.
 
Does that mean I don't need to run Firefox 95 in Firejail sandbox?
Interesting question.
If it were me, I would disable firejail, and pay attention to any differences........any differences at all.

I do not know enough about firejail to be able to say that firejail is not capable of more than Firefox's RL box.

possibly firejail is capable of more.....but another source of information will have to fill in the blanks there.

It is further interesting to note that Chromium have their own approach under active development

chrome://settings/privacySandbox
 
Interesting read, I've never really cared for FF that much and have only used it sparingly. So can't really comment on how this will affect its overall usefulness. But it's nice to know it's trying. Thanks MatsuShimizu for the link.
 
Interesting question.
If it were me, I would disable firejail, and pay attention to any differences........any differences at all.

I do not know enough about firejail to be able to say that firejail is not capable of more than Firefox's RL box.

possibly firejail is capable of more.....but another source of information will have to fill in the blanks there.

It is further interesting to note that Chromium have their own approach under active development

chrome://settings/privacySandbox
Alright disabled Firejail so Firefox 95 is no longer running inside of Firejail and refreshed Firefox 95 back to its defaults.

I set up Firefox 95 to my liking and will see how Firefox 95 runs OOTB.

If needed I can always Firejail Firefox from the terminal.


Thanks @Condobloke.
 
Alright disabled Firejail so Firefox 95 is no longer running inside of Firejail and refreshed Firefox 95 back to its defaults.

I set up Firefox 95 to my liking and will see how Firefox 95 runs OOTB.

If needed I can always Firejail Firefox from the terminal.


Thanks @Condobloke.
Let us know how it goes -thanks.
 
Hopefully this will be a major turning point for Mozilla. However, if they fall into their own grave after digging it for so long, it can always be maintained by us if they bankrupt themselves.
 
it can always be maintained by us if they bankrupt themselves.
"maintained by us"

Who is the us you refer to and who is going to finance the us you refer to.

Opensource projects require money to stay up and running and no one works for free.
 
"maintained by us"

Who is the us you refer to and who is going to finance the us you refer to.

Opensource projects require money to stay up and running and no one works for free.

"Us" meaning whoever within the FOSS community wants to become the new maintainer. Like Mozilla, maintaining it can be funded by donations or grants.

*sarcastically speaking* does it take a rocket scientist to figure out what I was implying?
 
"Us" meaning whoever within the FOSS community wants to become the new maintainer. Like Mozilla, maintaining it can be funded by donations or grants.
If whoever within the FOSS community were really interested then whoever within the FOSS community would be donating money to Mozilla Firefox now to keep them from going bankrupt.

*sarcastically speaking* does it take a rocket scientist to figure out what I was implying?
Nope not at all however I've read some of your other posts about FOSS which is why I asked. ;)
 
If whoever within the FOSS community were really interested then whoever within the FOSS community would be donating money to Mozilla Firefox now to keep them from going bankrupt.

Being that Mozilla has been going down the toilet in recent years, people within the FOSS community will think like investors, and avoid giving money to them as a result. However, if I'm right about what I said originally, then the pendulum will swing in the opposite direction (but it's going to take a lot from Mozilla now to regain everyone's trust again).
 
Alright disabled Firejail so Firefox 95 is no longer running inside of Firejail and refreshed Firefox 95 back to its defaults.

I set up Firefox 95 to my liking and will see how Firefox 95 runs OOTB.

If needed I can always Firejail Firefox from the terminal.


Thanks @Condobloke.
Let us know how it goes -thanks.
FF95 is working great and have not experienced any problems.

Okay I've removed Firejail Sandbox and I'm using FF95 OOTB with Ublock Origin and Privacy Badger extensions.

I only used Firejail for the browser.
With FF95 RLBox I should be good.

I figure ya gotta trust new stuff sometime or ya don't know if it's any good and Firefox hasn't let me down in all of the years I've used it.


If I do run into any problems I will post them.
 