This is the tracking bug for our GSoC WASM sandboxing project. The goal is to compile legacy libraries to WASM as an intermediate step and then compile that WASM back to native object code, so the library runs with WASM's memory isolation but links into Firefox like any other native code. We'll then provide a wrapper toolkit for safely interacting with the "sandboxed" library code. Full proposal below.
Toolkit for sandboxing third-parties libraries in Firefox
Firefox supports a long tail of infrequently used image and audio formats to support the occasional website that uses them. Each such format requires Firefox to pull in another open source library for parsing and decoding. This, unfortunately, increases the attack surface of Firefox, and as we saw at Pwn2Own 2018, Firefox was successfully exploited via a bug in exactly such a library (an out-of-bounds write in the libvorbis audio decoder, CVE-2018-5146).
This project proposes to sandbox third-party libraries in Firefox by building a new software-fault isolation toolkit. Our toolkit will build on the WebAssembly compiler to isolate libraries in Firefox: a library compiled to WASM can only touch its own linear memory, so a memory-safety bug inside it cannot corrupt the rest of the process. Isolation alone is not enough, though, because the host still consumes the library's output (sizes, offsets, decoded buffers), and a compromised library can lie about all of it. As part of this toolkit we will therefore also develop and apply a library for safely interfacing with sandboxed libraries, which marshals data into the sandbox and sanitizes data coming out of it. With this toolkit we can ensure that a vulnerability in a third-party library (e.g., libogg or libpng) cannot be used to compromise Firefox.
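To make the "sanitizing data coming from them" part concrete, here is an added sketch of the host-side pattern described above. It is illustrative code written for this page, not the project's toolkit or its API: the `SandboxMemory`, `tainted<T>`, `copy_and_verify`, `DecodedImage` and `kMaxDim` names are hypothetical, and the sandbox is simulated with a plain byte vector standing in for the WASM linear memory. The point it shows is that every value returned by the sandboxed decoder is wrapped so the host cannot read it without supplying a verifier, and that the verifiers bound the dimensions and check that the returned pixel region lies entirely inside the sandbox's memory before anything is copied out.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Stand-in for the sandbox's linear memory: everything the sandboxed library can address.
// A real implementation would point at the region the WASM-to-native build reserves.
struct SandboxMemory {
    std::vector<uint8_t> bytes;
    // True iff [offset, offset+len) lies entirely within sandbox memory (no overflow possible:
    // both operands are 64-bit and the subtraction is guarded by the first comparison).
    bool contains(uint64_t offset, uint64_t len) const {
        return offset <= bytes.size() && len <= bytes.size() - offset;
    }
};

// Wrapper for any value that originates inside the sandbox. There is deliberately no
// accessor for the raw value; the only way out is through a verifier the host supplies.
template <typename T>
class tainted {
    T value_;
public:
    explicit tainted(T v) : value_(v) {}
    template <typename Verifier>
    auto copy_and_verify(Verifier v) const { return v(value_); }
};

// What a sandboxed image decoder hands back. If the library has been compromised,
// every field is attacker-controlled, including the "pointer" (an offset, never a host address).
struct DecodedImage {
    tainted<uint32_t> width;
    tainted<uint32_t> height;
    tainted<uint32_t> pixels;
};

constexpr uint32_t kMaxDim = 16384;  // hypothetical policy limit for a single dimension

// Verifier for a dimension: rejects zero and anything over the limit, so width*height*4
// fits comfortably in 64 bits and the host never allocates an absurd buffer.
std::optional<uint32_t> verify_dim(const tainted<uint32_t>& t) {
    return t.copy_and_verify([](uint32_t v) -> std::optional<uint32_t> {
        if (v == 0 || v > kMaxDim) return std::nullopt;
        return v;
    });
}

// Copies the RGBA pixel block out of the sandbox, but only after verifying the dimensions
// and checking that the whole block is inside sandbox memory. Returns nullopt on any failure.
std::optional<std::vector<uint8_t>> copy_out_pixels(const SandboxMemory& sb, const DecodedImage& img) {
    auto w = verify_dim(img.width);
    auto h = verify_dim(img.height);
    if (!w || !h) return std::nullopt;
    uint64_t len = uint64_t(*w) * uint64_t(*h) * 4;  // computed in 64 bits on purpose
    auto off = img.pixels.copy_and_verify([&](uint32_t o) -> std::optional<uint64_t> {
        if (!sb.contains(o, len)) return std::nullopt;
        return uint64_t(o);
    });
    if (!off) return std::nullopt;
    auto begin = sb.bytes.begin() + static_cast<std::ptrdiff_t>(*off);
    return std::vector<uint8_t>(begin, begin + static_cast<std::ptrdiff_t>(len));
}

// Constructed test fixtures (not real decoder output): a 64-byte sandbox holding a 2x2 RGBA
// image at offset 8, an honest result, and two results a compromised decoder might return.
SandboxMemory make_sandbox() {
    SandboxMemory sb;
    sb.bytes.assign(64, 0);
    for (size_t i = 0; i < 16; ++i) sb.bytes[8 + i] = static_cast<uint8_t>(i);
    return sb;
}
DecodedImage honest_result()  { return {tainted<uint32_t>(2), tainted<uint32_t>(2), tainted<uint32_t>(8)}; }
// 16 bytes starting at offset 60 would run 12 bytes past the end of sandbox memory.
DecodedImage hostile_offset() { return {tainted<uint32_t>(2), tainted<uint32_t>(2), tainted<uint32_t>(60)}; }
// Dimensions chosen so a naive 32-bit width*height*4 would wrap to a tiny allocation.
DecodedImage hostile_dims()   { return {tainted<uint32_t>(0xFFFFFFFF), tainted<uint32_t>(0xFFFFFFFF), tainted<uint32_t>(0)}; }
```

The design choice worth noting is that the sandbox never hands the host a real pointer. Offsets are checked against the sandbox's own memory bounds, and the host copies rather than aliasing, so even a decoder that has been fully taken over cannot steer a read or write outside its region or influence the size of a host allocation beyond the policy limit.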
In order of priority:
- Create a proof-of-concept for at least one library that is fully integrated into the Firefox build system
- Enable it for at least one tier-1 platform on Nightly behind a flag
- Gather performance statistics
- Expand to further libraries and