Mozilla releases Firefox 95 with security improvements

Mozilla has released Firefox 95 with new performance and stability features, although the highlight is in the security section: the new sandboxing technology, RLBox.

The new major version of Mozilla’s web browser, the only one of the three major browsers that is open source and does not use the Chromium engine, has improved memory allocation on all platforms where it is available. For macOS users, there are specific optimizations that improve the startup speed of content processes and reduce CPU usage, especially when accessing streaming platforms such as Netflix or Amazon Prime Video.

Another new feature for all versions concerns the Picture-in-Picture function: it is now possible to move the button to the other side of the video using a new context menu option. The obligatory fixing of known bugs concludes this brief review of the new features, except for what has been added to improve security, which deserves a separate chapter.

RLBox in Firefox 95

RLBox is a new sandboxing technology that Mozilla developed in collaboration with researchers from several American universities. Tested some time ago on Linux and Mac platforms, it is now available for all versions of Firefox, desktop and mobile.

The idea behind this technology is the well-known “sandbox environment”: isolate the most dangerous processes to improve security. We saw this a while ago when we reviewed the Windows Sandbox, which creates a temporary desktop environment through a stripped-down installation of Windows with a separate kernel isolated from the PC where it runs, and more recently in a specific application such as Sandboxie Plus.

Similarly, consumer browsers run web content in its own isolated process space, which theoretically prevents that content from exploiting a browser vulnerability to compromise the computer. On desktop operating systems, Firefox also isolates each site into its own process to protect sites from each other.

However, malware authors attack users by chaining together two vulnerabilities: one to compromise the sandboxed process containing the malicious site and another to escape from it. “To protect our users against the most well-funded adversaries, we need multiple layers of protection,” they explain.

In Firefox 95, RLBox isolates five different modules (Graphite, Hunspell, Ogg, Expat and Woff2) that are treated as untrusted code. Going forward, and “assuming we got it right”, even a zero-day vulnerability in one of them should not pose a threat to Firefox, Mozilla assures us. Technically, instead of moving the code into a separate process, Mozilla compiles it to WebAssembly and then compiles that WebAssembly into native code.

Mozilla says this technology opens up new possibilities beyond what was possible with traditional process-based sandboxing, and hopes to expand its use and “see it adopted in other browsers and software projects”.

RLBox isn’t the only security improvement in Firefox 95. Mozilla says it has enabled site isolation for all users, which helps protect them against side-channel attacks on processors such as Spectre.

It may have lost market share, but the Foundation continues to develop improvements for its browser. Free and open source, you can download Firefox 95 from its website or, if you already use it, update it from the browser itself.