Today is Firefox Tuesday, when the latest version of Mozilla's browser is released, containing all the security updates that have been incorporated into the product since the previous version.
We used to call them Forty two days, because Mozilla followed a six-week coding cycle, instead of monthly like Microsoft or quarterly like Oracle, and multiplying 7 days by 6 weeks gives you the important number 42.
Today, Mozilla mostly uses a 4-week cycle, so updates move steadily through the monthly calendar, just as lunar months gradually drift through the solar year.
This update brings the mainstream version to 95.0, and includes a series of security fixes, listed in Mozilla Foundation Security Advisory MFSA-2021-52, including fixes for bugs leading to:
- Numerous crashes that could potentially be turned into exploitable holes.
- WebExtensions that leave unneeded components behind after official uninstallation.
- Tricks that allow remote sites to find out some of the apps installed on your computer.
- Sandbox bypasses that may allow untrusted scripts to do more than expected.
- Tricks to place the cursor in the wrong position, possibly disguising risky clicks.
To make sure you have the latest version, go to Help > About and wait for the animated line Checking for updates... to tell you whether an update is available.
Please note that on Linux and some Unixen, Firefox may be supplied as part of the distribution, so if Firefox does not offer to update itself, check there for the latest version.
A brand new sandbox
However, the major change in Firefox 95.0 is the introduction of a new sandboxing system, which was developed in academia and is called RLBox.
(We have to admit that we can’t find an official explanation for the letters RL in RLBox, so we assume they stand for Runtime Library, rather than being the initials of the project sponsor.)
Strict sandboxing within the browser is usually achieved by splitting the browser into separate system processes for each tab, and these processes are ultimately isolated from each other by the operating system itself.
By default, processes cannot read or write each other’s memory, so that a crook's site (such as dodgy.example) does not automatically gain the ability to snoop on the content of tabs logged into your email server or connected to social network accounts.
But not all parts of the browser’s rendering function can be easily split into separate processes, especially if the existing process loads a so-called shared library: usually a .DLL file on Windows, .so on Unix and Linux, and .dylib on macOS.
Shared libraries, for example those that render specific types of fonts or play specific types of sound files, are designed to run “in process.”
This means that they are loaded into the memory space of the current process as if they were compiled into the application from the beginning.
In other words, a web page that can be tricked into loading a booby-trapped font will usually end up processing the risky font file in the same process as the rest of the page.
If the web renderer and font handler could run independently, without access to each other’s memory and data, you would get better protection, but in a world where you already rely on shared libraries to provide additional in-process functionality, that is difficult to achieve.
You need to go back to the drawing board and reimplement, in another way, all the functions currently implemented through shared libraries (which, as the name suggests, share memory and other runtime resources with the parent process).
All Gaul is divided into three parts
RLBox is a way to simplify the process of dividing your processes into separate parts, so that your code does not need to be completely rewritten.
Nevertheless, with RLBox, calls to shared libraries pass through a “separation layer” that keeps the inner workings of the main program apart from the inner workings of at least some of its libraries.
Your code still needs to be changed to allow RLBox to intervene in the way data is passed back and forth between the main application and its shared library subroutines, but the upheaval of adding these security checks is, at least if the RLBox team and Firefox developers are to be believed, relatively modest and easy to get right.
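To make the idea of a separation layer concrete, here is an added example that is not from the original article or from the RLBox or Firefox code. It is a simplified model, not the RLBox API: the Tainted wrapper, shape_text, fill_glyphs and the 0xFF "hostile font" marker are all assumptions made for illustration, and it models only the checking of data returned by a library, not memory isolation.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Simplified model of a separation layer; this is NOT the RLBox API.
// Anything the untrusted library returns is wrapped, and host code cannot
// read the raw value until it has passed an explicit check.
template <typename T>
class Tainted {
    T raw_;  // private: no direct access from host code
public:
    explicit Tainted(T v) : raw_(v) {}
    template <typename Check>
    std::optional<T> copy_and_verify(Check ok) const {
        return ok(raw_) ? std::optional<T>(raw_) : std::nullopt;
    }
};

// Hypothetical stand-in for an in-process font shaper. Constructed behaviour:
// a font whose first byte is 0xFF models a booby-trapped file that makes the
// library report an absurd glyph count.
Tainted<std::size_t> shape_text(const std::vector<std::uint8_t>& font,
                                std::size_t text_len) {
    bool hostile = !font.empty() && font[0] == 0xFF;
    return Tainted<std::size_t>(hostile ? SIZE_MAX : text_len);
}

constexpr std::size_t kMaxGlyphs = 64;

// Host side: returns the number of glyph slots filled, or -1 if the
// library's answer was rejected before it could be used as a loop bound.
long fill_glyphs(const std::vector<std::uint8_t>& font, std::size_t text_len,
                 std::array<std::uint16_t, kMaxGlyphs>& out) {
    auto n = shape_text(font, text_len)
                 .copy_and_verify([](std::size_t v) { return v <= kMaxGlyphs; });
    if (!n) return -1;  // fail closed: never index with an unchecked count
    for (std::size_t i = 0; i < *n; ++i) out[i] = static_cast<std::uint16_t>(i + 1);
    return static_cast<long>(*n);
}

int main() {
    std::array<std::uint16_t, kMaxGlyphs> buf{};
    std::printf("benign font:  %ld\n", fill_glyphs({0x00, 0x01}, 5, buf));
    std::printf("hostile font: %ld\n", fill_glyphs({0xFF}, 5, buf));
}
```

Because the raw count is private to the wrapper, host code that forgets the check fails to compile rather than failing at runtime.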
It is worth noting that according to the RLBox team:
“Instead of migrating the application to use RLBox […] at once, RLBox allows ‘incremental migration’ […] Migration of existing code to use RLBox APIs can be performed one [operation] at a time. After each such migration, you can continue to build and run [and] use a complete functional test program to ensure that the migration steps are correct.”
Unfortunately, not many of Firefox's rendering functions have been switched to RLBox.
Obviously, only a few special font shaping operations, spell checkers, and media playback code for OGG files have been moved to this safer mode.
OGG files are files that you often find on Wikipedia and on websites that are keen on free and open source software, because unlike many other audio and video formats, the OGG codec has never been blocked by patents. (Codec, by the way, is not as high-tech a word as you might think: it is simply short for coder-decoder, in the same way that a modem is a signal modulator and demodulator.)
What’s next?
If all goes well, Firefox 96.0 will use RLBoxed code to process XML files and WOFF fonts (now the ubiquitous file format for embedded web fonts).
Presumably, if all goes well, the Mozilla team will continue to divide and conquer its browser code to create smaller and smaller “compromise areas” associated with each programming library (of which a typical browser session may require hundreds) that needs to deal with untrusted content from outside.
Of course, if that doesn’t work, there will always be Lynx, as we discussed in the recent Naked Security podcast.
Lynx is a very old-school and streamlined browser. It does not deal with fonts, JavaScript or even graphics: only 100% terminal-style text mode browsing, with minimal reliance on shared libraries…
{COOLEST,OLDEST} browsers in the world: listen now