The latest version of the Firefox browser for the desktop will have a component based on the new Mozilla-backed Rust language, said Dave Herman, a principal researcher and director of strategy at Mozilla this week. Rust is billed as an alternative to C++, and promises that programmers can be more productive and suffer less headaches regarding troublesome memory exploits.
According to the post, Firefox 48 will include Mozilla’s first Rust media parser. Herman doesn’t really detail much in regards to this new component, only saying that it performs “beautifully” and delivers “identical results” when compared to the original C++ component the Rust version is replacing. A provided chart shows that Mozilla experienced absolutely no issues while running the new Rust code over a billion times.
“Seeing Rust code ship in production at Mozilla feels like the culmination of a long journey,” Herman writes. “But this is only the first step for Mozilla.”
So what’s the big deal with this new media parser? It enables web surfers to stream digital media to their browser or related app. As Herman explains in his blog, that media-based data resides on a remote server, and is created by someone the user doesn’t know (or possibly trust). That data is thus delivered in a “complex format” that’s analyzed by the parser component of the receiving software, such as a browser.
Unfortunately, streaming media can be used to exploit memory management bugs residing within a web browser’s code. Herman points as an example to this Android exploit, which enabled remote attackers to “execute arbitrary code or cause a denial of service (memory corruption)” by using a malicious media file. That example seems to be the latest in a long string of bugs associated with the Stagefright “epidemic” spanning from Android 2.2 “Froyo” to Android 5.1 “Lollipop.”
“This makes a memory-safe programming language like Rust a compelling addition to Mozilla’s tool-chest for protecting against potentially malicious media content on the web,” Herman adds. Nicholas Matsakis, a senior researcher at Mozilla Research, explained a few years ago that Rust “guarantees type soundness, memory safety, and data-race freedom.”
Rust made its first public appearance back in 2010. It’s the brainchild of Mozilla employee Graydon Hoare, a personal project that Mozilla began to sponsor in 2009. The first numbered pre-alpha Rust compiler went publicly live in January 2012 while the first stable release of the programming language (Rust 1.0) hit the streets in May 2015.
“Rust itself is the product of a tremendous, vibrant community,” he adds. “None of this work would have been possible without the incredible contributions of issues, design, code, and so much more of Rustaceans worldwide. As a Rustacean myself, I’d encourage you to come play with Rust.”
Developers are encouraged to get involved with a Mozilla project using the new Rust programming language. Herman points to Oxidation, a project for integrating Rust code into Gecko and Firefox. Listed components include an URL parser, an MP4 metadata parser, a WebM demuxer, CSS-style calculation, and more.
The current version of Firefox for desktop appears to be v47.0.1. Additionally, the Firefox 48.0Beta release notes state that it arrived on the web on June 8, thus Herman’s blog seems to indicate that the Rust component is already present within the current beta release. That said, once Firefox 48 stable hits the masses, Rust code will be in use by “hundreds of millions” of Firefox users.
