Write XOR Execute JIT Support Lands For Mozilla Firefox
Another recent Firefox Nightly change, besides enabling WebGL 2 by default, is that Firefox's just-in-time compiler supports W^X protection.
OpenBSD has been leading the charge on using W^X by default -- Write XOR Execute. As explained in that earlier article, W^X implies "a memory policy of W^X -- write xor execute where memory can be marked as writable or executable but not both, in order to fend off potential exploits." One of the biggest roadblocks that OpenBSD faced in enabling W^X was the JIT engines of web browsers.
As of last week, the nightly builds of Mozilla's web browser have W^X JIT code enabled. The Write XOR Execute protection now works for Mozilla's SpiderMonkey JavaScript engine on all platforms, whereas previously the JIT engine needed read-write-execute permissions. The support uses VirtualProtect on Windows and mprotect on non-Windows platforms.
Using W^X in Firefox can cause a little overhead, with the worst performance found on OS X (reportedly around 4%) due to a slower mprotect implementation, whereas other platforms should be impacted by less than 3%. The W^X protection should end up shipping in released form in Firefox 46.
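To make the mprotect-based scheme concrete, here is an added example (not SpiderMonkey's code) of a JIT-style page that is only ever read-write or read-execute, never both. It assumes a POSIX system on x86-64 or AArch64; the names `wx_write` and `wx_demo` and the stub bytes are constructed for illustration.

```c
#define _DEFAULT_SOURCE               /* MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stubs: each is a complete function returning a constant. */
#if defined(__x86_64__)
static const unsigned char RET42[] = {0xB8, 42, 0, 0, 0, 0xC3};  /* mov eax,42; ret */
static const unsigned char RET7[]  = {0xB8, 7, 0, 0, 0, 0xC3};   /* mov eax,7; ret */
#elif defined(__aarch64__)                       /* mov w0,#imm; ret */
static const unsigned char RET42[] = {0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6};
static const unsigned char RET7[]  = {0xE0, 0x00, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6};
#else
#error "this example covers x86-64 and AArch64 only"
#endif

typedef int (*jit_fn)(void);

/* Make the page RW (dropping X), copy the code in, then flip it to RX
 * (dropping W). These two mprotect calls per update are the cost of W^X. */
static int wx_write(void *page, size_t page_len, const unsigned char *code, size_t n)
{
    if (n > page_len) return -1;
    if (mprotect(page, page_len, PROT_READ | PROT_WRITE) != 0) return -1;
    memcpy(page, code, n);
    __builtin___clear_cache((char *)page, (char *)page + n);  /* needed on AArch64 */
    return mprotect(page, page_len, PROT_READ | PROT_EXEC);
}

/* Emit, run, patch, run again. Returns first*100 + second (4207), or -1. */
int wx_demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int result = -1;
    if (wx_write(page, len, RET42, sizeof RET42) == 0) {
        int first = ((jit_fn)page)();
        if (wx_write(page, len, RET7, sizeof RET7) == 0)
            result = first * 100 + ((jit_fn)page)();
    }
    munmap(page, len);
    return result;
}

int main(void) { return wx_demo() == 4207 ? 0 : 1; }
```

A JIT that patches code often pays for the extra mprotect pair on every patch, which is where the platform-dependent overhead comes from.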