"This Framework Will Improve the Security of All Firefox Users"

A team of researchers from the University of California San Diego, the University of Texas at Austin, and Mozilla developed a new approach to improving browser security. They designed a new framework called RLBox to increase the security of the Firefox browser. Mozilla has started using RLBox on all Firefox platforms. The framework practices sandboxing by separating third-party libraries vulnerable to attacks from the rest of the browser to contain possible damage. Browsers such as Firefox depend on third-party libraries to support XML parsing, spell checking, font rendering, and other functionalities. However, these libraries are often written in low-level programming languages such as C, thus increasing susceptibility to attacks as it is easy to introduce vulnerabilities in C code. Through the application of RLBox, users can be protected from the vulnerabilities contained by such libraries as well as supply-chain attacks in which these libraries are exploited. In order to deal with the exploitation of zero-day vulnerabilities and supply chains by sophisticated attackers, multiple defense layers and new methods are needed to minimize how much code we need to trust for security. This article continues to discuss the purpose, use, and components of the RLBox framework. 

Jacobs School of Engineering reports "This Framework Will Improve the Security of All Firefox Users"