Firefox 95 wants to keep itself safe from code security flaws

RLBox sandboxing tech is coming with Firefox 95

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The latest version ofMozilla Firefoxis including a welcome security upgrade that the company hopes can keep its browser safe from code-based attacks.

Available now, the desktop and mobile editions of Firefox 95 will come with RLBox technology, which looks to prevent and limit any damage caused by code security flaws or bugs.

The “novel sandboxing tool” will look to make Firefox the most securebrowseroption around, the company claims.

Firefox security

Firefox security

RLBox was developed by Mozilla alongside researchers at the University of California San Diego and the University of Texas.

The tool uses WebAssembly to isolate potentially buggy code, ensuring no possible infections or flaws are able to launch or execute without the user knowing.

Mozilla notes that although all major browsers, including Firefox, run web content in their own sandboxed process, hackers often chain together two vulnerabilities to break through -one to compromise the sandboxed process containing the malicious site, and another to escape the sandbox.

This has previously meant having to hoist subcomponents of a browser into a separate process, but this has some limitations - which is where RLBox comes in.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Rather than hoisting the code into a separate process, we instead compile it into WebAssembly and then compile that WebAssembly into native code,” Mozilla says.

Although not suitable for every component, Mozilla says it is working on expanding the reach of RLBox as much as it can - including to other browsers. The company shipped a prototype to its Mac and Linux users to test in 2020, showing it can operate effectively across differentoperating systems.

“RLBox is a big win for us on several fronts: it protects our users from accidental defects as well as supply-chain attacks, and it reduces the need for us to scramble when such issues are disclosed upstream,” Mozilla’s Bobby Holley wrote in ablog postannouncing the news.

“This technology opens up new opportunities beyond what’s been possible with traditional process-based sandboxing, and we look forward to expanding its usage and (hopefully) seeing it adopted in other browsers and software projects.”

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well