Mozilla has announced the immediate availability of Firefox 95, which adds a security feature called RLBox across all platforms.
“In Firefox 95, we’re shipping a novel sandboxing technology called RLBox that makes it easy and efficient to isolate sub-components to make the browser more secure,” Mozilla’s Bobby Holley explains. “This technology opens up new opportunities beyond what’s been possible with traditional process-based sandboxing, and we look forward to expanding its usage and (hopefully) seeing it adopted in other browsers and software projects.”
RLBox uses WebAssembly to isolate potentially-buggy code in Firefox’s Graphite, Hunspell, Ogg, Expat, and Woff2 modules, Holley says, allowing Mozilla to treat them as untrusted code and theoretically make them invulnerable to zero-day vulnerabilities. If you’re interested in how this works, be sure to check out the Mozilla blog post, which goes into much more detail and compares RLBox to traditional sandboxes.
Firefox 95 also includes the following fixes and enhancements:
You can download the desktop versions of Firefox from the Firefox website.