The new Firefox 95 release features a brand new security capability that is designed to limit the risk of vulnerabilities in its browser code.
In collaboration with the researchers at the University of California in San Diego and the University of Texas, they have developed a new model called RLBox.
Next Level Sandboxing
RLBox is a sandboxing technology that will effectively isolate browser code from various websites, so that browser vulnerabilities offer less risk to the system and user. Sandboxing is widely used today in almost every scenario. Most browsers have had some form of the technology implemented for many years, preventing poorly written websites from compromising the user's safety.
Furthermore, RLBox is different from the traditional approaches as it has lower resource requirements focused on memory usage. Since memory is very limited in browsers and especially in embedded applications, this solves the problem of low-power devices.
The RLBox allows users to sandbox every subsystem of the browser so that, for example, the built-in spell checker or any other component can be separated.
By isolating the selected elements, you can restrict the data that the trusted code should access without running it in a separate process.
Mozilla has said that the compartmentalized components will mean that flaws discovered in any of them won't immediately endanger internet users. So even a zero-day vulnerability shouldn't pose an immediate threat to Firefox users.
However, the company admits that RLBox is not a one-size-fits-all and would only work for some components in its current form.
Refreshed Bounty Program
Mozilla plans to expand the new sandboxing to other Firefox components in the future and hopes that other browsers or software will adopt the technology as well.
They had updated the bug bounty program. Now, any researcher who finds wholes in the system will get compensated.
The new version of Firefox is available to download from the official link here. More information is in the update notes.