Tag Archive for: buggy

Firefox’s latest security feature is designed to protect itself from buggy code

/in


Firefox 95, the latest version of Mozilla’s browser that’s rolling out starting today, introduces a new security feature that’s designed to limit the damage that bugs and security vulnerabilities in its code can cause, Mozilla announced today. The feature, called RLBox, was developed with help from researchers at the University of California San Diego and the University of Texas, and it was originally released as a prototype last year. It’s coming to both the desktop and mobile versions of Firefox.

At its core, RLBox is a sandboxing technology, which means that it’s effectively able to isolate code so that any security vulnerabilities it might contain can’t harm the overall system. Sandboxing is a widely used security method across the industry, and browsers already run web content in sandboxed processes to try to stop malicious or buggy sites from compromising the overall browser.

RLBox differs from this traditional approach, however, and doesn’t have the same costs to performance and memory usage. This makes it possible to sandbox critical browser subcomponents like its spell checker, effectively allowing it to treat them as untrusted code while still running in the same process. This places limits on how code can run or which memory it can access.

As of today’s release, Firefox is isolating five modules: its Graphite font rendering engine, Hunspell spell checker, Ogg multimedia container format, Expat XML parser, and Woff2 web font compression format. Mozilla says this means if bugs or vulnerabilities are discovered in one of these subcomponents, the Firefox team won’t need to scramble to stop them from compromising the entire browser. “Even a zero-day vulnerability in any of them should pose no threat to Firefox,” Mozilla says.

Mozilla admits that it’s not a catch-all solution and that the approach won’t work everywhere, such as particularly performance-sensitive browser components. But the developer says it hopes to see other browsers and software projects implement the technology and that it intends to use it with more of Firefox’s components in the future. Mozilla has also…

Source…

Bot fixes buggy code so you don’t have to

/in

Researchers at MIT have created a bug-fixing bot. What do you think? Do you welcome our new code-patching overlords?
Naked Security – Sophos

Firefox Metro hits Windows 8 with a very early, very buggy beta

/in

Meet the new Firefox, more Metro-y than the old Firefox.

Microsoft may have told app developers “Don’t call it Metro,” but the latest version of Mozilla’s browser for Windows 8 is called the “Firefox Metro Preview.” The name is fitting in all senses.

It’s fitting because Mozilla has adopted the used-to-be-called-Metro design style with an attractive overhaul of the browser’s user interface. This is something Google did not do with Chrome. While there is a version of Chrome for Metro, it looks almost exactly like the desktop version, for better or worse.

The name “Firefox Metro Preview” is also fitting because “preview,” if anything, is a polite word for this early state of the application. While both Microsoft and Google have Metro-style browsers in functional shape, Mozilla’s current schedule will keep the Metro version of its browser in beta for some time after the Windows 8 release on Oct. 26.

Read 23 remaining paragraphs | Comments


Ars Technica » Technology Lab