Mozilla Releases Firefox 95 With Outstanding Security Enhancements: RLBox and Site Isolation

Mozilla has released Firefox 95 with performance and stability improvements, although the highlight is on the security side: the new sandboxing technology, RLBox.

The new major version of Mozilla’s web browser, the only open source browser among the three major projects that does not use the Chromium engine, improves memory allocation on all platforms where it is available. For macOS users, there are specific optimizations that improve the startup speed of the content process and reduce CPU usage, especially when accessing streaming platforms such as Netflix or Amazon Prime Video.

Another change for all versions concerns Picture-in-Picture: the button can now be moved to the other side of the video using a new context menu option. The usual round of bug fixes completes this brief review, apart from the security improvements, which deserve a section of their own.

RLBox in Firefox 95

RLBox is a new sandboxing technology that Mozilla has developed in collaboration with researchers from several American universities. It was tested a long time ago on Linux and Mac platforms and is now available for all versions of Firefox, desktop and mobile.

The idea behind this technology is the familiar one behind all “sandboxes”: isolate the most dangerous processes to improve security. We saw this a long time ago when we reviewed Windows Sandbox, which creates a temporary desktop environment from a reduced installation of Windows with a separate kernel, isolated from the PC on which it runs, and more recently in a dedicated application such as Sandboxie Plus.

Major browsers also run web content in its own sandboxed process, which in theory prevents that content from exploiting a browser vulnerability to compromise the computer. On desktop operating systems, Firefox also isolates each site in its own process to protect sites from each other.

However, malware writers attack users by chaining two vulnerabilities: one to compromise the sandboxed process that contains the malicious site, and another to escape from it. “To keep our users safe from the best-funded adversaries, we need multiple layers of protection”, they explain.

In Firefox 95, RLBox isolates five different modules (Graphite, Hunspell, Ogg, Expat, and Woff2), which are treated as untrusted code. In the future, and “assuming we got it right, even a zero-day vulnerability in any of them shouldn’t pose a threat to Firefox”, Mozilla says. Technically, instead of moving the code into a separate process, Mozilla compiles it to WebAssembly and then translates that WebAssembly into native code.
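A simplified C++ model of the in-process isolation described above, added here as an illustration; it is not RLBox or Firefox code, and every name in it (`Sandbox`, `untrusted_upper`, `host_upper`) is hypothetical. It shows why an overflow in a library confined to bounds-checked memory stays inside the sandbox, and why the host still validates whatever the library returns.

```cpp
// Added model, not RLBox or Firefox code; all names hypothetical, "library" constructed and buggy.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

constexpr uint32_t kMemSize = 4096;  // size of the sandbox's private memory
constexpr uint32_t kOutCap = 16;     // output buffer the library is supposed to respect
struct Sandbox {
    uint8_t mem[kMemSize] = {};
    bool trapped = false;
    // Sandboxed code reaches memory only via bounds-checked offsets (what wasm enforces).
    uint8_t load(uint32_t off) {
        if (off >= kMemSize) { trapped = true; return 0; }
        return mem[off];
    }
    void store(uint32_t off, uint8_t v) {
        if (off < kMemSize) mem[off] = v; else trapped = true;
    }
};

struct Result { uint32_t off, len; };  // offsets into the sandbox, never host pointers
// Buggy library: trusts claimed_len and overruns its 16-byte output buffer.
Result untrusted_upper(Sandbox& sb, uint32_t in_off, uint32_t claimed_len) {
    const uint32_t out_off = kMemSize - kOutCap;
    for (uint32_t i = 0; i < claimed_len && !sb.trapped; ++i) {
        uint8_t c = sb.load(in_off + i);
        sb.store(out_off + i, (c >= 'a' && c <= 'z') ? uint8_t(c - 32) : c);
    }
    return {out_off, claimed_len};
}

// Host: copy input in, call the library, validate everything that comes back.
bool host_upper(const std::string& input, uint32_t claimed_len, std::string& out) {
    Sandbox sb;
    if (input.size() > kOutCap) return false;
    std::memcpy(sb.mem, input.data(), input.size());
    Result r = untrusted_upper(sb, 0, claimed_len);
    if (sb.trapped) return false;  // the overflow faulted inside the sandbox
    if (r.len > kOutCap || r.off > kMemSize - r.len) return false;  // distrust the result
    out.assign(reinterpret_cast<char*>(sb.mem + r.off), r.len);
    return true;
}

int main() {
    std::string out;
    std::printf("%s\n", host_upper("firefox", 7, out) ? out.c_str() : "<rejected>");
    std::printf("%s\n", host_upper("firefox", 5000, out) ? out.c_str() : "<rejected>");
}
```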

Mozilla says that this technology opens up new opportunities beyond what has been possible with traditional process-based sandboxing, and hopes to expand its use and (hopefully) “see it adopted in other browsers and software projects”.

RLBox is not the only security enhancement in Firefox 95: Mozilla says it has enabled the Site Isolation feature for all users, which helps to protect against side-channel attacks on processors, such as Spectre.

It may have lost market share, but the Foundation continues to develop improvements for its browser. Free and open source, Firefox 95 can be downloaded from its website or, if you already use it, installed as an update from within the browser.
