For context: Admins and programmers sometimes use "DLL injection" to insert customized code into a process or program. They generally use this method to change or add to the behavior of applications, such as browsers. However, it can also cause compatibility, reliability, or security issues when these programs receive regular updates.
Mozilla recently released Firefox version 136.0.3, which will likely be the last minor release before a new iteration drops in April. Further out, the company plans to bring a new enterprise-focused upgrade in May to make the browser more stable and safer. Starting with version 138, Firefox will provide a new way to prevent data loss incidents without resorting to troublesome DLL injection practices.
Writing on Mozilla Hacks, Firefox developer Haik Aftandilian explained DLL injection and how corporations use the technique to customize the browser's internal routines. In essence, external code libraries, which Firefox users can list through the "about:third-party" internal page, can extend Firefox's functionality or usefulness.
However, DLL injection is still problematic because different codebases interact at the most fundamental level of the execution chain. The internet is built upon software interoperating over documented standards, Aftandilian said, and injecting foreign DLLs into undocumented internals of an application isn't exactly the best way to achieve software cooperation.
Modern web browsers like Firefox are modified, improved, and updated monthly, and foreign DLLs need to keep up with this development rate to avoid serious bugs or compatibility issues. What works today might bork the whole system next month. Unpredictable behaviors caused by DLL injection are difficult to test and debug, often requiring software updates for both the browser and the offending DLL.
Firefox 138 will include a new SDK for Data Loss Prevention (DLP) programs, which should be able to interact with the browser without resorting to DLL injection. These apps monitor the system for potential data loss incidents, an essential focus for enterprise organizations these days.
May's Firefox release includes the Content Analysis SDK, a lightweight protocol similar to technology developed by Google for Chrome. The SDK bridges the gap between the browser and a DLP agent. Mozilla's version is compatible with Chrome's implementation, so software vendors can provide a single DLP agent that works with both browsers.
The Content Analysis SDK is intended for business use cases and will only be available in Firefox 138 through Firefox Enterprise Policies. Admins can configure policies to customize the browser's behavior across a fleet of computers, such as limiting browser extensions or setting specific security options.