How Firefox Uses In-process Sandboxing to Protect Itself From Exploitable Libraries

Explore how Firefox utilizes in-process sandboxing to protect against vulnerabilities in third-party C libraries in this 23-minute Black Hat conference talk. Discover the innovative approach developed by the Firefox team to mitigate zero-day attacks stemming from memory safety issues in external libraries. Learn about the lightweight in-memory sandboxes based on WebAssembly that Firefox has been implementing since 2020 to isolate components like media rendering and spell checking. Delve into the challenges faced during the implementation of this architecture and gain insights into how this technique can be applied to enhance security in other applications. Presented by Tal Garfinkel, Shravan Narayan, and Deian Stefan, this talk offers valuable knowledge for developers and security professionals seeking to improve software resilience against exploitable dependencies.