Duration: 18:05
What is a Browser Security Sandbox?! (Learn to Hack Firefox)

2021-07-10

[public] 14.6K views, 8.57K likes, 10.0 dislikes

LiveOverflow

It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!

Long video version (stream Q&A): https://www.youtube.com/watch?v=VEaoDFdq95g

The Original Article: https://blog.mozilla.org/attack-and-defense/2021/04/27/examining-javascript-inter-process-communication-in-firefox/

Fuzzing IPC: https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/

Mozilla Bug Bounty: https://www.mozilla.org/en-US/security/client-bug-bounty/

00:00 - Intro

01:44 - What is a Process Sandbox?

03:04 - How to Implement a Sandbox?

03:43 - Introducing Inter Process Communication (IPC)

05:17 - Why Browsers Need a Complex Sandbox Architecture

07:19 - Browser Exploitation requires Sandbox Escape

08:42 - Strategy 1: OS Sandbox Implementation Bypass

08:59 - Strategy 2: Attacking the IPC Implementation Layer

09:48 - Strategy 3: IPC Logic Bugs

10:10 - HTML/JS Components in Firefox

11:21 - IPC Messages Implemented in JavaScript

11:58 - Setting Up Firefox Nightly For Debugging

13:20 - alert() IPC Message Handler

14:04 - IPC Message Sender

15:21 - Send Malicious IPC Messages

16:12 - CVE-2019-11708 Prompt:Open Sandbox Escape

17:13 - Outro

-=[ ā¤ļø Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ šŸ• Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

