The browser-maker Mozilla will introduce Rust code into its Firefox browser in the next stable release, version 48. Initially, the Rust code will only ship with desktop versions of the browser but Android support is expected “soon.” This time around, the inclusion of Rust code won't bring speed improvements, but rather increased security in the media stack.
According to Director of Strategy of Mozilla Research, Dave Herman, security in the browser's media stack is important as it is exploited for attacks. He wrote:
“One of the first groups at Mozilla to make use of Rust was the Media Playback team. Now, it's certainly easy to see that media is at the heart of the modern Web experience. What may be less obvious to the non-paranoid is that every time a browser plays a seemingly innocuous video, it's reading data delivered in a complex format and created by someone you don't know and don't trust. And as it turns out, media formats are known to have been used to trick decoders into exposing nasty security vulnerabilities that exploit memory management bugs in Web browsers' implementation code.”
When it comes to performance of the Rust code against the C++ code concerning this component of the browser, Herman says:
"Our preliminary measurements show the Rust component performing beautifully and delivering identical results to the original C++ component it's replacing – but now implemented in a memory-safe language.”
Rust saw its stable release during the first half of 2015; it mixes low-level control over performance while providing high-level convenience and safety guarantees. Code written in languages such as C++, which aren't designed to be memory safe, are more susceptible to exploits. By switching to Rust, Mozilla can heighten security on Firefox.
Implementing the Rust code into the media stack in Firefox is just the first part of what is dubbed Project Oxidation. Other components of the browser, such as the URL parser and the WebM Demuxer will be re-written in Rust. Perhaps the largest undertaking that 'Rustaceans' are working on is the new browser engine which will eventually power Firefox, called Servo, which saw its first nightly build earlier this month.
Source: Mozilla Hacks
5 Comments - Add comment