Firefox 95 Brings Security, Performance, and Efficiency Improvements to Mac
Mozilla has released Firefox 95, featuring a new version of its security sandboxing subsystem called RLBox, and additional performance and efficiency improvements for the macOS version of the web browser.
According to the release notes, RLBox is a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries.
The sandbox subsystem works by compiling a process in WebAssembly before re-converting it into native code, which restricts its access to system memory and stops it from jumping to unexpected parts of the program, thus limiting its potential for exploiting vulnerabilities.
As Mozilla's Bobby Holley explains:
This technique, which uses WebAssembly to isolate potentially-buggy code, builds on the prototype we shipped last year to Mac and Linux users. Now, we're bringing that technology to all supported Firefox platforms (desktop and mobile), and isolating five different modules: Graphite, Hunspell, Ogg, Expat and Woff2.
Going forward, we can treat these modules as untrusted code, and — assuming we did it right — even a zero-day vulnerability in any of them should pose no threat to Firefox. Accordingly, we’ve updated our bug bounty program to pay researchers for bypassing the sandbox even without a vulnerability in the isolated library.
In other improvements, Firefox 95 reduces CPU usage on macOS during event processing, and reduces the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video.
Meanwhile, it's now possible to move the Picture-in-Picture toggle button to the opposite side of the video. Users can find the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side.
Lastly, Mozilla says that Site Isolation is now enabled for all Firefox 95 users to better protect them against side-channel attacks such as Spectre.
Firefox 95 for macOS is available now from the Mozilla website.
Top Rated Comments
(For real, though, I still think incrementing your major version number every six weeks without consideration of whether your changes are actually major is bad. I can never tell what the current version of Firefox or Chrome or Edge is, nor can I tell when the last time they made major changes was. But I can with Safari, because their version numbers make sense.)
a lot of apps do not and I think this is because some Apple limitation, so Apple to be blamed
If all you need many profiles for are site logins, this will do it with minimal complexity compared to having multiple profiles. If you need to switch whole profiles you can do it in FF as well with this