Mozilla boosts Firefox security with OpenBSD W^X feature

Jan 4, 2016 22:05 GMT

Mozilla developers have added W^X support to Firefox, a security feature aimed at protecting against basic buffer overflow and memory corruption issues.

W^X (Write XOR Execute) is the name of a security feature present in the OpenBSD operating system, which Firefox developers have ported to Firefox's JIT (Just-in-Time) code compiler.

Added by Jan de Mooij, this feature works under Firefox's hood and affects how code executed inside the browser interacts with the operating system's memory.

W^X adds protection against buffer overflow attacks

The principle behind the W^X memory protection policy, as described by its OpenBSD implementation, states that a process (Web page in Firefox's case) cannot be writable and executable at the same time.

Starting with the latest Firefox 46 Nightly build, Web pages will either be allowed to write code to the memory or execute code in the memory, but not simultaneously.

By delaying execution time, W^X memory protection prevents some types of buffer overflow attacks and also makes sure that when dynamic arbitrary code is injected into the process execution stack, Firefox will crash, instead of blindly running potentially malicious code.

Firefox will take a very minimal performance hit, for security's sake

Before adding W^X support, Firefox gave Web pages full RWX (Read-Write-Execute) permissions. "RWX pages make it easier to exploit certain bugs. As a result, all modern operating systems store code in executable but non-writable memory, and data is usually not executable, see W^X and DEP," said Mr. de Mooij, explaining his decision to add W^X support to Firefox.

What this means for regular users is that Firefox will toggle through special internal functions before switching from a writeable to an executable memory state, which results in some delays.

According to internal tests carried out by Mozilla's developers, the performance hit is between 1% and 4%, depending on the benchmark suite. Because of this minimal impact, the team decided to enable W^X memory protection, which is expected to remain turned on by default, barring serious bugs and other unforeseen performance issues.