Show HN: Firefox in WebAssembly
developer.puter.com240 points by coolelectronics a day ago
240 points by coolelectronics a day ago
This is the entire Firefox browser rendering to a <canvas> element. Gecko, all UI components, and the Spidermonkey JS engine are all compiled and running in WebAssembly.
Here are a few things you might find interesting:
- This is fully end to end encrypted! We use the WISP protocol for TCP-over-websockets.
- There is a novel WASM->JS JIT for experimental site speedup
- This port cost over 25k in opus/fable tokens for debugging and JIT research
This was just a fun experiment to push the boundaries of WebAssembly. For a more usable "browser in browser" experience, we also built https://github.com/HeyPuter/browser.js that eats a bit less RAM.
>This port cost over 25k in opus/fable tokens for debugging and JIT research > This was just a fun experiment to push the boundaries of WebAssembly I'm a huge fan of the project, but I have to ask. If spending $25k is a "fun experiment", where exactly is your threshold for serious work? This naturally begs the question, would a human be willing to do the same thing for $25k, and how long would that take? I've ported complex applications (not as complex) in about a month. So I could see someone already deeply familiar with Firefox and we assembly to get something working in a month or two, which 25k covers in almost all markets. But the fact remains that those individuals are few. Whereas any schmuck can get Claude to do it (no offense to OP) so at this point I don't even think the money argument is worth discussing even it comes to LLM. For the majority of people a LLM is the difference between being able to do something or not being able to do it. Research is when you don't know if it's serious work or fun experiment beforehand. I imagine it is 25k tokens not dollars https://news.ycombinator.com/item?id=48927724 seems to say dollars? Although yes the phrasing could be clearer in the post I think it was worded badly it was 25k WORTH of API billed tokens, but only actually 1 claude max 5x plan, so it was more like 100 dollars Well that's a lot of money. Cheap considering what that may have cost a few years ago I suppose. Loosely related to porting the Firefox engine in unusual places: here is a project that ports Firefox's Gecko rendering engine to iOS as a sideloadable app (normally Apple only allows its own WebKit rendering engine in iOS apps): https://github.com/minh-ton/reynard-browser Indeed. This is both the best and the only actively maintained way for older versions of iOS to use modern js. Oh and for anyone asking, you can run firefox-wasm inside firefox-wasm inside firefox! I only got this to load once though since it gets pretty unstable at that level. I can’t help but think of Gary Bernhardt’s 2014 talk, “The Birth and Death of JavaScript”: https://www.destroyallsoftware.com/talks/the-birth-and-death... I'm so glad this exists, I've been considering doing something like this for a few months. I recently got a TV based on VIDAA os, a locked-down linux-based OS where everything is rendered from Web pages. It has a built-in browser that doesn't support ad-blocking (I suspect VIDAA is profiting from showing ads on the TV), and you can't install new apps unless they're Web pages. This would hopefully allow one to run Firefox within the existing browser, then install uBlock Origin within Firefox... I know what this weekend's project is going to be... We also plan on adding extension support to https://github.com/HeyPuter/browser.js soon, which should hopefully cover use cases like that as well without the full overhead Chances are you'll run out of ram trying to run a browser inside another browser on a TV with 1-2GB ram usually. You might have a better luck with network level ad blocker like pi-hole or adguard for eg Firefox should really bundle ublock origin as-is. I install it afterwards anyway but I don't understand Mozilla here. They seem to want to stay behind Google. In 2024, "search royalties" brought in approximately $585 million for Mozilla, largely from Google. It's not hard to see why they tread very lightly around ad blocking. It's actually impressive that ublock remains easy and painless to install as an extension. Wouldn't the whole point of Google propping up competition browsers to avoid antitrust be completely undermined if Google was influencing the development of said browsers? This is amazing -- but there is something wrong with (maybe) the WebGL or color rendering. If you go to https://pskreporter.info/pskmap then the ocean should be blue (and it is blue in a native firefox). However it is a shocking shade of pink in the wasmified version. Still, it is amazing that it works at all! Firefox ESR in Debian12, won't start. 140.12.0esr (64-bit) This is the entirety of the log message. I think it should check if my browser is compatible before downloading 50+ mb. Can’t get it running on Firefox 152.0.6 (aarch64), no extensions. Running firefox on aarch64 here right now (Ubuntu 26.04 ARM on snapdragon X1E) did you enable the about:config option? it may be required Yes, you don’t get that far without it. What's your GPU driver? There's a good chance this is a bug with the GPU passthrough. You can fall back to software rendering in the advanced options while it's starting if you want to try Browser sandboxing is now fully solved. In mean... It kinda feels like this is legitimately true? An attacker trying to do anything on a user's machine through this would have to find a Firefox vulnerability and a vulnerability in the wasm runtime, which is such a high bar that I would actually feel remarkably safe running this thing. The only question is how performance works and whether there are any pain points using as a daily driver, but those feel likely to be a pretty minor point. Oh, and the usual caveat that an attacker can still compromise things inside the sandbox which does leave a certain amount of exposure (but if you run different things in different instances they're isolated). This is true but also this is probably also only half true. Sandboxing is not a fully solved issue since this 100% degrades firefox sandboxing since fission cant run and its running in singleprocess mode. Just wanted to be honest about this Unless you're running every origin in a different instance, I wouldn't use this as a daily driver, since a site would only need to find a renderer vuln to be able to read the rest of your cookies as multiprocess isolation is disabled here You are forgetting that this is largely edited by AI as a fun project. Finding a bug in that firefox probably is a lot easier than usual. Oh wow didn't expect this to be either possible or this perform so well. Also fascinating how small the wasm binary is. I made a Wasm port of FreeCad (also had a fairly popular thread here a few days ago) but that image was close to 300MB uncompressed / 90MB compressed with Brotli. (btw none of my wasm CAD ports seem to run, each with slightly different flavors of missing wasm features it seems - I have them linked on https://magik.net if you want to debug for whatever reason) Performs so well is... Subjective but generally what matters here surprisingly is not CPU speed but GPU driver quality (all on Chromium) I tested a bunch of stuff before this post went live
Apple M1/M2/M3/M4 on macOS Sequoia, good Apple M5 and prior chips on tahoe, bad due to a known GPU regression (this is actually why my personal machine runs sequoia) Windows on ARM Qualcomm Adreno X1 driver - bad to usable performance Ubuntu 26.04 Aarch64 upstream mesa with freedreno - works really well but encounters artifacting Pixel 10 Pro - doesn't work here at all Intel HD4600 on Windows 11 i7-4790k- works quite well up to 2 tabs where the renderer starts really suffering It's kind of ironic how this doesn't work in Firefox. On what platform? Works here. It worked for me but I had to enable something in about:config javascript.options.wasm_js_promise_integration Worked in my Firefox on Steam Deck. I was amazed it could run YouTube. So funny story, supporting web codecs may have been a bad idea because it led to people using more traffic per session than we assumed at first. We had to add more servers mid HN post We had completely saturated NICs on like the two original servers edit: I misunderstood, that's $25k not 25k tokens :/ time to log off. this is so rad! 25k tokens is a lot less than i thought this'd take -- what were the difficult bits in the porting process? also, was firefox preferred because parts of it are already in rust? $25k of tokens, closer to 30 billion I believe. It only took a few days to actually get the engine up, the hard parts where most of the effort was spent was squeezing out performance and increasing stability, as well as attempting the JIT. Firefox was chosen because its single-process support was in a better place than chromium/blink. WebKit is also possible, it was done by a friend of mine earlier https://github.com/theogbob/WebkitWasm ah, i misunderstood. that seemed way too low in terms of actual tokens lol. i'll log off now. interesting details and didn't know about WebkitWasm. hope to read more soon. All the network traffic from that browser is routed through a server. My IP inside that browser was in India and on CloudFlare network. I don’t particularly trust Puter. Why not route traffic through my actual browser? Because the web browser can't make arbitrary network connections. Even if it was implemented intercepting at the HTTP layer (which would probably be much more difficult than just intercepting the low level socket operations) you wouldn't be able to properly manage CORS headers, cookies and various other things. >Why not route traffic through my actual browser? Because you can't. Not even an Extension is able to. Browsers don't want you to bypass their content enforcement. I wish we had at least one hacker friendly browser. No, it is possible with extensions. Extensions can inject headers, such as Access-Control-Allow-Origin: *, to unblock cross-origin requests. In the Manifest V3 context, however, that might require patching window.fetch and window.XMLHttpRequest. For example, This is a cors bypass but part of this demo is that it's full Firefox including TLS support. Using this still means intercepting all requests in an inspectable medium and does defeat part of the point Extensions can't, correct but I wanted to bring up a special case regarding this Isolated web apps a chrome feature for developing apps that run in chromium based on HTML (but tbh only really used in Chromebooks) do support raw TCP sockets so if this was ported to an IWA you could have Firefox on a Chromebook without an external server needed. > Browsers don't want you to bypass their content enforcement I for one am happy that browsers dont let any random web page i visit port scan my internal network. No one said any site should. Letting a site you control do it is a perfectly valid user choice. Otherwise people are stuck going through third-party proxies which is far worse. The TCP proxy exit node we're using is running on Cloudflare, you can check that your traffic is still TLS encrypted by OpenSSL (also compiled to webassembly). The browser does not have a native API to send raw TCP so the proxying is done by the http://github.com/MercuryWorkshop/wisp-protocol protocol. You can check your packets in dev tools, look for a socket connection with "puter.cafe" as the host for our TCP proxy. This application is meant to be a demo for it actually (why it says at the bottom that its powered by puter networking). That is the only server side component of this. I was reading your landing page at https://developer.puter.com/networking/ and was very confused by how you were achieving the "with no server or proxy" part, until much further down the page: > "the connection is tunneled over a single WebSocket to a Puter relay" Come on, it's both a server and a proxy, and it doesn't stop being those things just because you're calling it a relay. apologies yes there is a wording error here, the correct wording is no CORS proxy, the reason why this is important is because cors proxies are inherently insecure (this is different because the TLS is done in your browser with a webassembly library). no servers is referring to you not needing to host servers in the same as the term "serverless". Such is the ways of modern tech terms I fear Seems easy to fix it and say 'no CORS proxy' and 'no need to host your own server'. It was very confusing to me too. You are definitely right, going to see if I can talk to the relevant person to fix the wording on it Puter's networking is open-source and e2e encrypted. Also, a regular browser doesn't give access to raw TCP sockets used for this, so it wouldn't be possible to route through your browser. So it's just the three accounts you have now? (Show by @coolelectronics now and 7 months ago [1], show from you/@ent101 2d ago [0], 2025[2,3,4], 2024[5,6,7,8,9,A,B,C,D], 2023[E], @george0812 2022[F]) [0]: https://news.ycombinator.com/item?id=48895945 [1]: https://news.ycombinator.com/user?id=coolelectronics [2]: https://news.ycombinator.com/item?id=45522061 [3]: https://news.ycombinator.com/item?id=44193514 [4]: https://news.ycombinator.com/item?id=42675696 [5]: https://news.ycombinator.com/item?id=41849494 [6]: https://news.ycombinator.com/item?id=41682779 [7]: https://news.ycombinator.com/item?id=41360683 [8]: https://news.ycombinator.com/item?id=41040761 [9]: https://news.ycombinator.com/item?id=40802253 [A]: https://news.ycombinator.com/item?id=39829463 [B]: https://news.ycombinator.com/item?id=39672886 [C]: https://news.ycombinator.com/item?id=39597030 [D]: https://news.ycombinator.com/item?id=39036897 what do you mean? we're a team of 10 and have 390 contributors. We post regularly, including me. The 21 on github, do you mean? And only nine above 3 commits ever? Yes you post regularly, too much even, and in the face of the guideline Please don't use HN primarily for promotion nobody (hyperbole, corrected: few) follows that promotion rule. and where are you getting 21 from? the github repo https://github.com/HeyPuter/puter says 391 contributors, subtract maybe a few for bots also, talk about posting too much? look at your own submissions page This is amazing. I loaded up https://developer.puter.com/labs/firefox-wasm/ in Chrome and I've visited a bunch of sites, it works really well. Then I opened up https://developer.puter.com/labs/firefox-wasm/ in Firefox-in-WebAssembly-in-Chrome ... and sadly it didn't load. I got this in the startup log: I've been waiting for this to happen. The websites that don't want you to block ads will serve you an obfuscated "inner browser" that will render their site. All your ad blockers, etc, are rendered moot. Once accessibility is solved this is absolutely going to be a thing on major websites. If ublock origin guards the connections above, ads still won't load. (Except embedded ads, that also show now) The future product will tunnel all the connections from the inner browser over an opaque pipe (like WebSockets) with the encryption handled by the inner browser (and using cert. pinning). This is already possible (actually because of a related project, https://github.com/ading2210/libcurl.js/ ) which compiles... I think WolfSSL or mbedTLS and libcurl to the wasm and then uses the same TCP proxy protocol we're using here (wisp) to tunnel HTTPS over a websocket connection securely and opaquely. Impressive and surprisingly performant, but what's the use-case? If anything, this is an ad for WASM! This is a fun browser demo to show how far we've come in terms of browser technology mostly I checked internet speed inside and outside the wasm, and inside wasm its 10x slower, what could be the reason? There's several opportunities for a bottleneck but it could be either the TCP implementation just not being good at receiving packets or the TCP proxy side just being congested from HN traffic > There is a novel WASM->JS JIT for experimental site speedup I would love to see the details for this. SpiderMonkey had an attempted wasm32 JIT backend, but it was never finished. edit: Apparently it also has some sort of WebAssembly interpreter backend too, which SpiderMonkey doesn't have. I had this in mind when I first saw this project too LOL Every year I need to rewatch this talk 25k tokens to port Firefox to WASM. by 2027 we'll be spending 25k tokens to port WASM back to native because someone will benchmark it and find the WASM version is 3% faster. What makes it require that WASM extension you need the flag for in Firefox? Was there really no way to work around it or polyfill it for it to work? It is performance critical? It is required in order to yield the event loop and force an implicit sync on OffscreenCanvas. There is technically a slower workaround for this but JSPI is coming soon anyway to firefox 153 and safari 27. I would be careful with this demo. When you go to whatismyip.com, it's showing: 104.28.233.73. Someone could use this to cloak their IP address and do some damage. I think they had to solve the TCP connection, as normally you can't easily implement TCP sockets in WASM. So I suppose they just need to tunnel all the connection through some websocket. Can concur, we use a proxy based on the wisp protocol to efficiently proxy TCP packets over websocket What are the $25k in tokens for? Does firefox's build system not allow building to wasm? The description mentions a similar project browser.js which apparently has some real use cases, what are they? on mobile chrome / Android I can't get the following to work : - IME / keyboard doesn't pop on any field - copy paste - scrolling with touch - ai side panel What works on mobile : - Extensions ! This is so sick great work; did you try webgpu? Since coolelectronics posted his firefox wasm here ill post my sideproject (we worked on these around the same time), Webkit In WebAssembly (And actually modern and usable! Unlike the older trevorlinton/webkit.js project) https://github.com/theogbob/WebkitWasm Not as polished as the firefox port but is a fully working port of webkit ported with fable, opus and some glm 5.2. > This is fully end to end encrypted! We use the WISP protocol for TCP-over-websockets. Umm, that doesn't sound right. By definition, i dont think you can be end2end encrypted in a web browser, since your server controls what code is run by the web browser. Puter would fully be able to spy on you if they were so inclined because they control what wasm you load. You can inspect the wasm binary, we can't take that ability away from you (or you can compile using the sources we provide on GitHub and see it provides the same result, it's actually built from an actions runner anyways) End to end Encrypted is valid here because both peers of the request (client and server) have their information being exchanged through TLS and they both manage their own keys. We can't look inside the TLS tunnel, we only transport the TCP side. It's end to end encrypted in the same sense that when you go to hackernews your ISP can't see your password because of TLS. The peer you are requesting has ensured only you can see the data, not any intermediary (Unlike in http where it's completely plain text or a corsproxy where all data is visible to the proxy). > We can't look inside the TLS tunnel, we only transport the TCP side. But you could if you were malicious, you control the tunnel creation code. > It's end to end encrypted in the same sense that when you go to hackernews your ISP can't see your password because of TLS. But its not like that. I do not have to trust my isp to not be evil. There is nothing my isp can do to read the password. I do have to trust you, you could easily modify the software in a way to read my password. ... doesn't support Firefox mobile apparently :D Does firefox mobile (Android, since firefox mobile iOS is a WebKit wrapper) support about:config settings? if so you can enable wasm_js_promise_integration in about:config and have it working likely. I will test this on my Pixel 10 pro hi reporting back, yes stock firefox mobile wont work but the BETA version will because it just added the WASM feature needed (firefox 153 adds it but regular mobile firefox lacks about:config support it seems) and by "will work" I mean will render the first frame and then freeze YMMV "Yo dawg. I herd you like web browsers, so I put a browser in your browser, so you can browse the Web while you browse the Web". Great, now I can finally make an Electron.js application with code made for Firefox! No mobile support Yeah I seem to see that it does crash on Firefox mobile, (well first frame loads) and on chrome mobile it doesn't seem to load at all (complaining about running out of memory in a small pop-up) Pixel 10 pro user here
yjftsjthsd-h - a day ago
userbinator - a day ago
gertop - 17 hours ago
fulafel - 17 hours ago
smalltorch - a day ago
yjftsjthsd-h - a day ago
rlmineing_dead - 7 hours ago
smalltorch - 21 hours ago
tech234a - 21 hours ago
The_SamminAter - 21 hours ago
coolelectronics - a day ago
ksmithbaylor - a day ago
degamad - a day ago
coolelectronics - a day ago
saidinesh5 - 14 hours ago
shevy-java - a day ago
quantummagic - a day ago
Sabinus - 18 hours ago
pjsg - 2 hours ago
thx67 - 3 hours ago
[chrome-demo] chrome assets + engine wasm ready
[gecko] warning: unsupported syscall: __syscall_madvise
[gecko] embed-xul: main() on the app pthread (PROXY_TO_PTHREAD)
[gecko] embed-xul: GECKO_GL_PASSTHROUGH=0
[gecko] embed-xul: GECKO_COARSE_CLOCK=1
[gecko] [libxul] abort: Assertion failed
[gecko] Aborted(Assertion failed)
smalltorch - 10 hours ago
brewmarche - a day ago
[chrome-demo] chrome assets ready
[gecko] warning: unsupported syscall: __syscall_madvise
[gecko] embed-xul: main() on the app pthread (PROXY_TO_PTHREAD)
[gecko] embed-xul: GECKO_GL_PASSTHROUGH=1
[gecko] embed-xul: GECKO_COARSE_CLOCK=1
[gecko] embed-xul: GECKO_GPU=1 (GPU/WebRender->canvas rendering)
[gecko] xul_init: GRE dir = /gre
[gecko] Pthread 0x11051000 sent an error! blob:https://developer.puter.com/edc1bd0a-b844-4a18-a69a-63dd49dc304a:8906: SecurityError: Security error when calling GetDirectory
rlmineing_dead - a day ago
brewmarche - a day ago
rlmineing_dead - a day ago
MajesticHobo2 - a day ago
yjftsjthsd-h - a day ago
rlmineing_dead - a day ago
coolelectronics - 21 hours ago
one33seven - 17 hours ago
devttyeu - 12 hours ago
rlmineing_dead - 7 hours ago
lxe - a day ago
jagged-chisel - a day ago
EDIT: Updated, still works on Firefox 152.0.6 (aarch64) macOS Tahoe 26.5.2 (25F84)
Firefox 152.0.5 (aarch64)
pmarreck - 21 hours ago
koolala - a day ago
rlmineing_dead - 7 hours ago
sangeeth96 - a day ago
coolelectronics - a day ago
sangeeth96 - a day ago
zerof1l - a day ago
kevincox - a day ago
koolala - a day ago
maxloh - 14 hours ago
// content.js
window.fetch = async (...args) => {
const request = args[0] instanceof Request ? args[0].url : args[0]
const config = args[1] || {}
return new Promise((resolve, reject) => {
chrome.runtime.sendMessage({ action: "proxyFetch", request, config }, response => {
if (response.error) {
const err = new Error(response.error.message)
err.name = response.error.name
err.stack = response.error.stack
if (response.error.cause) err.cause = response.error.cause
reject(err)
} else {
const base64Data = response.dataUrl.split(",")[1]
const bytes = Uint8Array.from(atob(base64Data), c => c.charCodeAt(0))
const contentType = response.headers["content-type"] || "application/octet-stream"
const blob = new Blob([bytes], { type: contentType })
const status = response.status
const statusText = response.statusText
const headers = new Headers(response.headers)
const body = status === 204 || status === 205 || status === 304 ? null : blob
resolve(new Response(body, { status, statusText, headers }))
}
})
})
}
// Background.js
chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
if (message.action === "proxyFetch") {
fetch(message.request, message.config)
.then(async res => {
const headers = Object.fromEntries(res.headers.entries())
const blob = await res.blob()
const reader = new FileReader()
reader.onloadend = () =>
sendResponse({ status: res.status, statusText: res.statusText, headers, dataUrl: reader.result })
reader.readAsDataURL(blob)
})
.catch(err => {
const { name, message, code, stack } = err
sendResponse({ error: { name, message, code, stack } })
})
// Keeps the message channel open for the async fetch
return true
}
})
rlmineing_dead - 8 hours ago
rlmineing_dead - a day ago
bawolff - 18 hours ago
koolala - 16 hours ago
rlmineing_dead - a day ago
Retr0id - a day ago
rlmineing_dead - a day ago
koolala - a day ago
rlmineing_dead - a day ago
ent101 - a day ago
gnabgib - a day ago
ent101 - a day ago
gnabgib - a day ago
peesem - a day ago
simonw - a day ago
[log] [chrome-demo] chrome assets ready
[warn] [gecko] warning: unsupported syscall: __syscall_madvise
EvanAnderson - a day ago
lukan - 14 hours ago
EvanAnderson - 13 hours ago
rlmineing_dead - 8 hours ago
pmarreck - 21 hours ago
rlmineing_dead - 7 hours ago
virajk_31 - 13 hours ago
rlmineing_dead - 8 hours ago
eqrion - a day ago
throwaway2027 - a day ago
rlmineing_dead - a day ago
luciana1u - a day ago
koolala - a day ago
coolelectronics - a day ago
elmer2 - a day ago
haddr - a day ago
rlmineing_dead - 8 hours ago
voidUpdate - 17 hours ago
andai - a day ago
rmac - a day ago
ohonbob - a day ago
bawolff - 18 hours ago
rlmineing_dead - 8 hours ago
bawolff - 3 hours ago
som - a day ago
rlmineing_dead - a day ago
rlmineing_dead - a day ago
mdlxxv - a day ago
l1ng0 - a day ago
SpyCoder77 - a day ago
rlmineing_dead - a day ago