• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
firefox 95 boosts protection against zero day attacks

Firefox 95 boosts protection against zero-day attacks

You are here: Home / General Cyber Security News / Firefox 95 boosts protection against zero-day attacks
December 7, 2021

Shutterstock

Mozilla is shipping a security technology with Firefox 95 that it hopes will prevent zero-day attacks targeting customers of the browser. 

Named RLBox, the new aspect will acquire a far more granular tactic to sandboxing, a security strategy that operates web-site code in its have walled-off area of memory to prevent malicious elements affecting the relaxation of the process.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


In a blog article asserting the element, Mozilla distinguished engineer Bobby Holley highlighted a challenge with present browser sandboxing technology, which isolates web web page processes in particular person sandboxes, and is vulnerable to chained attacks.

Malware developers can compromise the process first, and then escape the sandbox, it warns. It also limits the extent to which code can be divided into diverse sandboxed procedures mainly because of the memory overhead concerned.

Designed in conjunction with the University of California San Diego and the University of Texas, RLBox complements process-centered isolation with a new approach. It compiles code as native code through WebAssembly, which is a portable compilation structure.

This will make just about every individually compiled piece of native code safer, for the reason that it are unable to entry memory outside the house of a specified area and can not make any unpredicted jumps. The new method makes it achievable to operate distinct pieces of dependable and untrusted code in the exact same method with out them influencing just about every other.

“RLBox is a major win for us on quite a few fronts: it shields our users from accidental flaws as properly as supply-chain attacks, and it reduces the want for us to scramble when these types of issues are disclosed upstream,” mentioned Holley.

RLBox is a stand-by yourself venture that Mozilla to start with trialed on macOS and Linux end users final yr. It is now deploying it throughout all Firefox platforms, which includes cellular methods.

Mozilla will commence with RLBox support for the Graphite font rendering method, the Hunspell spell checker, and the Ogg multimedia container structure in Firefox 95. It will follow this up in Firefox 96 with support for the Expat XML parser and Woff2, the font compression technology used in the browser.

“Likely forward, we can take care of these modules as untrusted code, and — assuming we did it appropriate — even a zero-day vulnerability in any of them should really pose no threat to Firefox,” Holley claimed. He also hoped that other browsers would adopt the open-supply technology.

Mozilla has updated its bug bounty program to reward researchers for escaping the sandbox technology without the need of exploiting vulnerabilities in an isolated component.


Some pieces of this post are sourced from:
www.itpro.co.uk

Previous Post: «solarwinds attackers spotted using new tactics, malware SolarWinds Attackers Spotted Using New Tactics, Malware
Next Post: One in eight Americans would fall victim to a phishing attack hackers have raked in £34.5 million from covid related scams»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Europol Confirms Takedown of SMS-based FluBot Spyware
  • The EU’s Apple App Store crackdown ‘will fuel cyber attacks’
  • Connecticut Becomes Fifth US State to Enact Consumer Privacy Law
  • New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
  • FluBot Android Spyware Taken Down by Global Law Enforcement Operation
  • YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites
  • Twice as Many Healthcare Organizations Now Pay Ransom
  • WithSecure CTO: Industry needs to do a better job of targeting ransomware supply chains
  • GitHub Enterprise Server 3.5 is equipped with a horde of new security protections
  • Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

Copyright © TheCyberSecurity.News, All Rights Reserved.