Mozilla has announced it has taken a small step towards replacing much of Firefox's C++ code with its safer alternative language, Rust.
When Firefox 48 ships on August 2, it will contain a Rust-built mp4 track metadata parser that will be available on Windows and 32-bit Linux desktops for the first time. Users of Mac OS X and 64-bit Linux have had the new parser available since Firefox 45.
"Media formats are known to have been used to trick decoders into exposing nasty security vulnerabilities that exploit memory management bugs in web browsers' implementation code," Dave Herman, Mozilla Research principal researcher and director of strategy, said in a blog post. "This makes a memory-safe programming language like Rust a compelling addition to Mozilla's tool-chest for protecting against potentially malicious media content."
"Our preliminary measurements show the Rust component performing beautifully and delivering identical results to the original C++ component it's replacing -- but now implemented in a memory-safe programming language."
The biggest project to use Rust is Servo, which Mozilla hopes will create a highly parallel, more secure, high-performance browser engine. If successful, Servo would replace Firefox's current Gecko browser engine.
"Basically all of the browser engines you are used to using were designed before the year 2000, and hardware at that time was very different. It usually only had one core, clock speeds were lower and you had much less memory available to you," Mozilla platform engineer Josh Matthews said in 2014.
"Things like multi-thread programming weren't built in from the start and they've been bolted on after the fact. Existing engines are giant and there are various architectural decisions built into them that are very difficult to modify."
Mozilla has laid out in its Oxidation project that it is looking to extend Rust usage to Firefox's URL parser, WebM demuxer, and incorporate some of Servo's CSS code within Gecko.
Support for Rust is not present in the Android version of Firefox.
Alongside the Rust-built parser, Firefox 48 is set to finally see the unveiling of its Electrolysis (E10sS) work to allow content, plug-ins, and media to run in child processes.
However, as Electrolysis breaks many of the add-ons Firefox users install, Mozilla is looking to slowly ramp up its use.
"If we run into issues, we can slow the roll-out, pause it, or even disable E10sS for those who got it. We have all the knobs," Mozilla's Asa Dotzler said last month.