Mozilla says it will next month ship the first official Firefox build that sports code written in its more-secure-than-C Rust programming language.
It's hoped the Rust-written code will avoid the usual programming blunders present in web browsers – typically use-after-
free() and heap corruption bugs – which malicious websites exploit to install malware on computers.
For one thing, Rust's toolchain is extremely strict and refuses to build source that potentially suffers from data races, buffer overflows and so on. Therefore, it should be a lot harder to attack the Rust-hardened sections of Firefox because there will be fewer bugs present.
The first use of Rust will be in the browser's media parsers, where the security strengths of the language are best put to use. Mozilla believes the memory safety features of Rust will do the most good when handling video and audio embedded in webpages – media files are a favored ammunition in drive-by malware attacks.
Being able to handle media robustly with minimal exploitable bugs means there's less chance the software can be compromised by visiting a malicious site.
"Media formats are known to have been used to trick decoders into exposing nasty security vulnerabilities that exploit memory management bugs in web browsers' implementation code," wrote Mozilla director of strategy Dave Herman.
"This makes a memory-safe programming language like Rust a compelling addition to Mozilla's tool-chest for protecting against potentially malicious media content on the web."
Herman noted that early tests on the code have shown that the new Rust components run at identical speeds to their C++ predecessors, meaning users should see little to no difference in performance from the move. Meanwhile, the new Firefox build should, in theory, become more secure.
"Rust itself is the product of a tremendous, vibrant community," Herman declared.
"None of this work would have been possible without the incredible contributions of issues, design, code, and so much more of Rustaceans worldwide." ®