Show HN: Firefox in WebAssembly
Comments
yjftsjthsd-h
brewmarche
Can’t get it running on Firefox 152.0.6 (aarch64), no extensions.
[chrome-demo] chrome assets ready
[gecko] warning: unsupported syscall: __syscall_madvise
[gecko] embed-xul: main() on the app pthread (PROXY_TO_PTHREAD)
[gecko] embed-xul: GECKO_GL_PASSTHROUGH=1
[gecko] embed-xul: GECKO_COARSE_CLOCK=1
[gecko] embed-xul: GECKO_GPU=1 (GPU/WebRender->canvas rendering)
[gecko] xul_init: GRE dir = /gre
[gecko] Pthread 0x11051000 sent an error! blob:https://developer.puter.com/edc1bd0a-b844-4a18-a69a-63dd49dc304a:8906: SecurityError: Security error when calling GetDirectorydegamad
I'm so glad this exists, I've been considering doing something like this for a few months.
I recently got a TV based on VIDAA os, a locked-down linux-based OS where everything is rendered from Web pages. It has a built-in browser that doesn't support ad-blocking (I suspect VIDAA is profiting from showing ads on the TV), and you can't install new apps unless they're Web pages.
This would hopefully allow one to run Firefox within the existing browser, then install uBlock Origin within Firefox... I know what this weekend's project is going to be...
coolelectronics
We also plan on adding extension support to https://github.com/HeyPuter/browser.js soon, which should hopefully cover use cases like that as well without the full overhead
shevy-java
Firefox should really bundle ublock origin as-is. I install it afterwards anyway but I don't understand Mozilla here. They seem to want to stay behind Google.
quantummagic
In 2024, "search royalties" brought in approximately $585 million for Mozilla, largely from Google. It's not hard to see why they tread very lightly around ad blocking. It's actually impressive that ublock remains easy and painless to install as an extension.
coolelectronics
Oh and for anyone asking, you can run firefox-wasm inside firefox-wasm inside firefox! I only got this to load once though since it gets pretty unstable at that level.
MajesticHobo2
Browser sandboxing is now fully solved.
yjftsjthsd-h
In mean... It kinda feels like this is legitimately true? An attacker trying to do anything on a user's machine through this would have to find a Firefox vulnerability and a vulnerability in the wasm runtime, which is such a high bar that I would actually feel remarkably safe running this thing. The only question is how performance works and whether there are any pain points using as a daily driver, but those feel likely to be a pretty minor point. Oh, and the usual caveat that an attacker can still compromise things inside the sandbox which does leave a certain amount of exposure (but if you run different things in different instances they're isolated).
azakai
Prior art: WebKit.js, the WebKit rendering engine ported to JS
zerof1l
All the network traffic from that browser is routed through a server. My IP inside that browser was in India and on CloudFlare network. I don’t particularly trust Puter. Why not route traffic through my actual browser?
kevincox
Because the web browser can't make arbitrary network connections. Even if it was implemented intercepting at the HTTP layer (which would probably be much more difficult than just intercepting the low level socket operations) you wouldn't be able to properly manage CORS headers, cookies and various other things.
rlmineing_dead
The TCP proxy exit node we're using is running on Cloudflare, you can check that your traffic is still TLS encrypted by OpenSSL (also compiled to webassembly). The browser does not have a native API to send raw TCP so the proxying is done by the http://github.com/MercuryWorkshop/wisp-protocol protocol. You can check your packets in dev tools, look for a socket connection with "puter.cafe" as the host for our TCP proxy. This application is meant to be a demo for it actually (why it says at the bottom that its powered by puter networking). That is the only server side component of this.
Retr0id
I was reading your landing page at https://developer.puter.com/networking/ and was very confused by how you were achieving the "with no server or proxy" part, until much further down the page:
> "the connection is tunneled over a single WebSocket to a Puter relay"
Come on, it's both a server and a proxy, and it doesn't stop being those things just because you're calling it a relay.
ent101
Puter's networking is open-source and e2e encrypted. Also, a regular browser doesn't give access to raw TCP sockets used for this, so it wouldn't be possible to route through your browser.
ohonbob
Since coolelectronics posted his firefox wasm here ill post my sideproject (we worked on these around the same time), Webkit In WebAssembly (And actually modern and usable! Unlike the older trevorlinton/webkit.js project)
https://github.com/theogbob/WebkitWasm
Not as polished as the firefox port but is a fully working port of webkit ported with fable, opus and some glm 5.2.
eqrion
> There is a novel WASM->JS JIT for experimental site speedup
I would love to see the details for this. SpiderMonkey had an attempted wasm32 JIT backend, but it was never finished.
edit: Apparently it also has some sort of WebAssembly interpreter backend too, which SpiderMonkey doesn't have.
rlmineing_dead
I had this in mind when I first saw this project too LOL
Every year I need to rewatch this talk
sangeeth96
edit: I misunderstood, that's $25k not 25k tokens :/ time to log off.
this is so rad! 25k tokens is a lot less than i thought this'd take -- what were the difficult bits in the porting process? also, was firefox preferred because parts of it are already in rust?
coolelectronics
$25k of tokens, closer to 30 billion I believe. It only took a few days to actually get the engine up, the hard parts where most of the effort was spent was squeezing out performance and increasing stability, as well as attempting the JIT.
Firefox was chosen because its single-process support was in a better place than chromium/blink. WebKit is also possible, it was done by a friend of mine earlier https://github.com/theogbob/WebkitWasm
sangeeth96
ah, i misunderstood. that seemed way too low in terms of actual tokens lol. i'll log off now. interesting details and didn't know about WebkitWasm. hope to read more soon.
mdlxxv
"Yo dawg. I herd you like web browsers, so I put a browser in your browser, so you can browse the Web while you browse the Web".
ent101
should've used this in the splash screen :(
jedisct1
"This browser doesn't support WebAssembly JSPI, which Firefox WASM needs to run."
som
... doesn't support Firefox mobile apparently :D
rlmineing_dead
Does firefox mobile (Android, since firefox mobile iOS is a WebKit wrapper) support about:config settings? if so you can enable wasm_js_promise_integration in about:config and have it working likely. I will test this on my Pixel 10 pro
rlmineing_dead
hi reporting back, yes stock firefox mobile wont work but the BETA version will because it just added the WASM feature needed (firefox 153 adds it but regular mobile firefox lacks about:config support it seems)
and by "will work" I mean will render the first frame and then freeze
YMMV
>This port cost over 25k in opus/fable tokens for debugging and JIT research
> This was just a fun experiment to push the boundaries of WebAssembly
I'm a huge fan of the project, but I have to ask. If spending $25k is a "fun experiment", where exactly is your threshold for serious work?