Mozilla is showing off early builds of Servo, its new experimental rendering engine that is part of its plan to rebuild Firefox from the ground up. While rewriting the rendering engine in Rust to avoid security flaws is a good step forward, Servo's success could ultimately depend on what Mozilla decides to do with SpiderMonkey, the JavaScript execution engine.
The Servo next-generation rendering engine was written using the Rust programming language in order to address potential security vulnerabilities. Developers can find the source code in Mozilla's GitHub repository and nightly in-development builds for MacOS and Linux on Servo Developer Preview Downloads. Windows and Android packages are expected shortly.
Jack Moffitt, Mozilla's Servo project lead, had previously said Servo "reimagines the architecture of the browser in the modern landscape of multicore computers, GPUs, and safer programming languages."
Servo is written in Rust, Mozilla's own C-like systems programming language, to ensure thread-safe concurrency and prevent common programming mistakes that can result in exploitable security flaws. Fewer security bugs in Rust code means fewer opportunities for exploitable flaws in the rendering engine, which is a crucial step toward overall web application security.
The Rust compiler won't build an application if it detects problematic code. For example, each variable in Rust has a specified owner and a lifetime, and another owner cannot use the variable when in use by the first owner, enforcing memory safety. Servo won't have the usual use-after-free flaws and buffer overflows prevalent in many applications because they aren't possible in Rust code.
However, Servo is still using SpiderMonkey, same as Gecko, to execute JavaScript, which is written in C++. It is far easier for adversaries to trigger exploitable flaws in the JavaScript engine than the ones in the rendering engine, making revamping SpiderMonkey a high-priority project. Even so, Servo lays the groundwork for Mozilla to move forward with improvements to other browser components. With so many attacks using the web browser as the entry point, a secure rendering engine for the web browser is an important step toward giving users a more secure internet experience.
Mozilla said in its Servo road map back in March that the long-term plan is to "incrementally replace components in Gecko with ones written in Rust and shared with Servo." While Mozilla may not explicitly replace Gecko as the rendering engine for Firefox with Servo, it appears enough of Servo's code will eventually make its way to Gecko to make the two essentially the same thing.
Mozilla wil incorporate Rust code into components used by Gecko and Firefox as part of its Oxidation project, including the URL parser, MP4 metadata parser, and the WebM demuxer. Rust will also be used to replace uconv with encoding-rs and in CSS style calculations, work which is already in progress in order to use Servo's style code in Gecko.
Mozilla provided a bare-bones HTML-based browser interface with the Servo builds to test out how the engine renders websites. The builds and the browser interface are not yet fully web-compliant, and many websites will currently display with issues. Mozilla has not publicized its development schedule for Servo or future plans for a final Servo release, but the technical demonstration provides developers with the first glimpse of what Mozilla has been working on.
Developers can help identify and file issues through the Servo's GitHub repository.