Firefox version 138 will introduce an alternative to traditional DLL injection methods for Data Loss Prevention (DLP) solutions within enterprise settings.
DLL Injection
The issue of DLL injection into Firefox has been previously discussed. In 2023, an article detailed Firefox’s feature allowing users to block third-party DLLs, explaining the concept of DLL injection, how problematic modules are managed, the about:third-party page, and the third-party injection policy. Earlier, in 2019, a study on DLL injection bugs in Firefox was published in collaboration with Polytechnique Montréal. This article revisits the topic in the context of enterprise Firefox deployments.
To clarify, DLL injection refers to third-party Windows software inserting its own DLL module code into Firefox. Third parties create DLLs for injection into applications to expand their capabilities, a common practice within the Windows environment. When external code is injected, it interacts with the application’s internal workings. While software interoperability is standard, DLL injection differs because it relies on undocumented internal interfaces, which are not designed for stability. This makes them an unreliable basis for software development. Changes to the core application can lead to incompatibilities, causing crashes or unexpected behavior. Modern web browsers like Firefox receive monthly updates with new features and fixes. Regular browser development can therefore create conflicts with injected software, leading to Firefox crashes, security feature bypasses, or other unpredictable issues. Resolving these problems often requires urgent troubleshooting and workarounds for users until software updates are provided, frequently involving cooperation between browser and third-party application developers. Injected software ranges from small open-source projects to extensive enterprise security products. To address some of the most challenging DLL injection problems, focus has shifted to Data Loss Prevention enterprise applications.
Data Loss Prevention (DLP) in the Enterprise
Data Loss Prevention (DLP) products are widely used by organizations to prevent accidental disclosure of sensitive information. This sensitive data can include customer details like names, addresses, credit card numbers, or proprietary company secrets. Similar to antivirus software, DLP solutions are deployed across corporate computer networks. Their adoption has grown significantly, primarily driven by compliance requirements and liability considerations.
DLP software commonly employs DLL injection to monitor applications like Firefox for activities that could lead to data leaks. This monitoring targets specific operations known to handle sensitive information, including file uploads, copy-pasting, drag-and-drop actions, and printing.
DLP and Firefox Today
Currently, DLP software often monitors Firefox activity through DLL injection. This practice is not unique to Firefox, but web browsers are frequently used and undergo continuous development, which increases the risks associated with DLL injection. DLP software, including the injection software itself, is usually deployed across corporate computer fleets managed by IT departments. DLP vendors strive for compatibility with the latest Firefox versions by testing beta releases and updating their DLLs; however, issues still arise regularly. A typical scenario involves corporate users encountering a problem and reporting it to their IT department. IT staff then debug the issue, potentially filing a bug report with Firefox or the DLP vendor. When a Firefox bug is reported, it can be difficult to ascertain whether external software caused it. When such problems are discovered, the vendor is notified, and workarounds are investigated. Meanwhile, users experience disruptions and may need to find temporary solutions or switch browsers. A non-functional browser quickly escalates to a high-severity incident, requiring rapid response from support teams to restore functionality.
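A triage aid for the situation described above, where it is hard to tell whether external software is behind a Firefox problem (an added example, not code from the original article or from Mozilla): this PowerShell function lists DLLs loaded in running firefox.exe processes whose Authenticode signature is not valid or whose signer is not in a trusted list. The function name and the signer patterns are assumptions; adjust the patterns to the software expected on your fleet.

```powershell
# Added example (not Mozilla's code): list DLLs loaded in running firefox.exe
# processes that lack a valid signature from a trusted signer.
# Run as the same user or elevated, from 64-bit PowerShell on Windows.
function Get-FirefoxThirdPartyModule {
    [CmdletBinding()]
    param(
        # Assumption: signer subjects treated as first-party or OS components.
        [string[]]$TrustedSignerPattern = @('O=Mozilla Corporation', 'O=Microsoft Corporation')
    )
    $sigCache = @{}   # path -> signature result, so each DLL is verified once
    foreach ($proc in Get-Process -Name firefox -ErrorAction SilentlyContinue) {
        # Module enumeration can fail for sandboxed or already-exited processes.
        $modules = try { $proc.Modules } catch { $null }
        if (-not $modules) {
            Write-Warning "PID $($proc.Id): modules not readable (access denied or process exited)"
            continue
        }
        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path) { continue }
            if (-not $sigCache.ContainsKey($path)) {
                $sigCache[$path] = Get-AuthenticodeSignature -LiteralPath $path
            }
            $sig     = $sigCache[$path]
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Trusted = signature verifies AND signer subject matches a trusted pattern.
            $trusted = $sig.Status -eq 'Valid' -and
                       ($TrustedSignerPattern | Where-Object { $subject -like "*$_*" })
            if (-not $trusted) {
                [pscustomobject]@{
                    ProcessId = $proc.Id
                    Module    = $m.ModuleName
                    Path      = $path
                    SigStatus = $sig.Status
                    Signer    = $subject
                    Company   = $m.FileVersionInfo.CompanyName
                }
            }
        }
    }
}

Get-FirefoxThirdPartyModule |
    Sort-Object Path, ProcessId |
    Format-Table ProcessId, Module, SigStatus, Company, Path -AutoSize
```

The result can be read alongside Firefox's about:third-party page when deciding whether an injected module should be investigated first.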
Browsing Privacy
On company-owned computers, user browsing privacy is frequently influenced by corporate software policies. While legal requirements and disclosures vary by region, technically, a corporation controlling a device has multiple ways to monitor activity according to its policy. Firefox operates on the principle that browsing data belongs solely to the user; however, as an application, it cannot override the device administrator’s directives. If an administrator chooses to deploy DLP software, they expect it to function alongside other installed applications. Without a properly supported integration mechanism, administrators might resort to less transparent and error-prone methods like DLL injection, or opt for a different browser.
What’s New – Reducing DLL Injection in the Enterprise
Firefox 138 will enable DLP software to operate without DLL injection. This version integrates the Content Analysis SDK, which can be activated via Enterprise Policies. The SDK, initially developed by Google and utilized in Chrome Enterprise, establishes a lightweight protocol between the browser and a DLP agent. Each browser implements the protocol itself, so Firefox has its own implementation. This integration allows Firefox to communicate with DLP software while minimizing the need for third-party code injection. This enhancement is expected to boost stability for enterprise Firefox users, and as more DLP vendors adopt the SDK, the amount of third-party code injected into Firefox will decrease. The use of a common SDK across vendors and browsers means that a single DLP agent implementation can be compatible with multiple browsers. Firefox’s implementation was developed in collaboration with prominent DLP vendors to ensure compatibility. Beyond improved stability, Firefox will also show an indicator when the DLP SDK is active, offering greater transparency to users.
For Enterprise Use
The Content Analysis SDK will only be enabled in Firefox configurations that utilize a Firefox Enterprise Policy. Organizations employ Firefox Enterprise Policies to manage Firefox settings across their computer networks. These policies allow administrators to configure various aspects of Firefox, such as restricting browser extension installations, defining security settings, and setting network proxy configurations. Further details on Firefox Enterprise Policies are available in the support article ‘Enforce policies on Firefox for Enterprise’.

