Attack & Defense

Firefox Security Internals for Engineers, Researchers, and Bounty Hunters

The Attack & Defense blog and Mastodon account are for security researchers who are interested in new developments in Mozilla's Bug Bounty, and guides, tips, and tricks for finding bugs in Firefox.

IPC Fuzzing with Snapshots

Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes … Read more