Mozilla has announced the immediate availability of Firefox 95, which adds a security feature called RLBox across all platforms.
“In Firefox 95, we’re shipping a novel sandboxing technology called RLBox that makes it easy and efficient to isolate sub-components to make the browser more secure,” Mozilla’s Bobby Holley explains. “This technology opens up new opportunities beyond what’s been possible with traditional process-based sandboxing, and we look forward to expanding its usage and (hopefully) seeing it adopted in other browsers and software projects.”
RLBox uses WebAssembly to isolate potentially-buggy code in Firefox’s Graphite, Hunspell, Ogg, Expat, and Woff2 modules, Holley says, allowing Mozilla to treat them as untrusted code and theoretically make them invulnerable to zero-day vulnerabilities. If you’re interested in how this works, be sure to check out the Mozilla blog post, which goes into much more detail and compares RLBox to traditional sandboxes.
Firefox 95 also includes the following fixes and enhancements:
- Reduced CPU usage on macOS in Firefox and Window Server during event processing.
- Reduced power consumption of software-decoded video on macOS, especially in full-screen mode. This change impacts streaming sites such as Netflix and Amazon Prime Video.
- The Picture-in-Picture toggle button can now be moved to the opposite side of the video.
- Site Isolation is now enabled for all Firefox 95 users to better protect them against side-channel attacks such as Spectre.