What is a Browser Security Sandbox?! (Learn to Hack Firefox)
It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!
Long video version (stream Q&A): https://www.youtube.com/watch?v=VEaoDFdq95g
The Original Article: https://blog.mozilla.org/attack-and-defense/2021/04/27/examining-javascript-inter-process-communication-in-firefox/
Fuzzing IPC: https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/
Mozilla Bug Bounty: https://www.mozilla.org/en-US/security/client-bug-bounty/
00:00 - Intro
01:44 - What is a Process Sandbox?
03:04 - How to Implement a Sandbox?
03:43 - Introducing Inter Process Communication (IPC)
05:17 - Why Browsers Need a Complex Sandbox Architecture
07:19 - Browser Exploitation requires Sandbox Escape
08:42 - Strategy 1: OS Sandbox Implementation Bypass
08:59 - Strategy 2: Attacking the IPC Implementation Layer
09:48 - Strategy 3: IPC Logic Bugs
10:10 - HTML/JS Components in Firefox
11:21 - IPC Messages Implemented in JavaScript
11:58 - Setting Up Firefox Nightly For Debugging
13:20 - alert() IPC Message Handler
14:04 - IPC Message Sender
15:21 - Send Malicious IPC Messages
16:12 - CVE-2019-11708 Prompt:Open Sandbox Escape
17:13 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Video: What is a Browser Security Sandbox?! (Learn to Hack Firefox), from the LiveOverflow channel