14 DAY TRIAL // Mozilla has announced today plans to ship its first-ever Rust code with the production releases of Firefox. The first-ever Rust component will arrive in Firefox 48, scheduled for debut on August 2, 2016.
Rust is a programming language developed as a safer alternative to C++, with a unique construction that reduces the chances of having dangerous memory exploits in Rust-based applications.
Memory corruption issues such as use-after-free and buffer overflows are the main source of security bugs these days, plaguing Adobe's Flash Player, but also Web browsers such as Firefox and Chrome.
Because of its inherent features, Mozilla decided to sponsor the project seven years ago, practically adopting the new programming language as its own.
First Firefox Rust component is the browser's media stack
After teasing Rust features last year, the Mozilla Foundation has announced today that Firefox 48 will contain a new media stack component that's entirely coded in Rust.
The first Firefox component to feature Rust code was not chosen at random because media components often execute malicious code when parsing multimedia files.
To draw an analogy, Android's most insecure component that's always getting patches on a monthly basis is its Mediaserver (media processing) component, where the Stagefright vulnerability was initially discovered.
"This makes a memory-safe programming language like Rust a compelling addition to Mozilla’s tool-chest for protecting against potentially malicious media content on the Web," says Dave Herman, Director of Strategy at Mozilla Research.
Zero issues after initial tests
Following tests of this Rust-based media component in Firefox's unstable builds, Mozilla says that, after one billion uses, they have yet to see a crash or issue in the Rust media component.
This is only the beginning, and we're bound to see more Rust code in Firefox. In mid-June, Mozilla also released the first versions of Servo, a minimal browser created in Rust code alone.
Just like Mozilla invested in Rust for a safer alternative to C++, so did Microsoft last month, when the company put some muscle into the Checked C extension for the C language.