by SketchySeaBeast 2581 days ago
I'm confused as to why someone would even want them to change the codebase - is this just an example of the "newer is better" problem we have here in tech? Is there something glaringly obvious about Rust that would make the effort worthwhile?
4 comments

Web browsers are almost unique in how hard it is to make them resistant enough to attacks to fully protect the interests of their users. I know that when my local copy of Firefox got a malware infection, I reacted by switching to Chrome. That was about 2.5 years ago, and I have yet to switch back.

(More on why I switched. I like to tweak things, and had gotten used to about 8 or so about:config customizations and a handful of Firefox extensions. The infection added tons of phoney about:config customizations, and it would have been tedious to identify which customizations were mine and which were the infection's. IIRC, if I had had a backup of my customizations unmixed with phoney customizations, I wouldn't have switched. I.e., basically I switched to avoid my having to learn how to back up my about:config settings and my choice of extensions. I recall spending some time with a search engine unsuccessfully trying to learn.)

For a case study here, see https://www.youtube.com/watch?v=Y6SSTRr2mFU

TL;DR: Rust's concurrency guarantees made parallelizing CSS layout feasible. They tried it in C++ twice, and failed.

One of the early justifications for pursuing Rust at all was security; an internal survey of security issues was done, and over half of them were memory-safety related. At the same time, browsers need speed. Traditionally, you get either speed or memory safety in a language; Rust gives you both.

Because within that codebase there's an untold number of exploitable memory errors which put users at risk. Browsers have critical security issues all the time.

So would Rust remove all the potential exploits?

A few of them. It won't stop logic errors (although enums help here) but it will prevent buffer overflows, use-after-free, some cases of type confusion, uninitialised reads, and a few other problems.

If you look at the CVEs for browsers, I would say a great majority is due to errors that would've been prevented in any memory safe language - not specifically Rust.

However, due to the other requirements (like performance) and its adoption at Mozilla, Rust is a real contender.

Exactly, and besides, if you want to write secure software it is also mostly a development process thing, and not just what programming language you write it with.