IPC Fuzzing with Snapshots
Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes … Read more
Firefox Security Internals for Engineers, Researchers, and Bounty Hunters
Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes … Read more
In Firefox 95, we’re shipping a novel sandboxing technology called RLBox — developed in collaboration with researchers at the University of California San Diego and the University of Texas — … Read more
Despite all the efforts of fixing Cross-Site Scripting (XSS) on the web, it continuously ranks as one of the most dangerous security issues in software. In particular, DOM-based XSS is … Read more
Intro Last year, during lockdown, many discovered the importance of PDF forms when having to deal remotely with administrations and large organizations like banks. Firefox supported displaying PDF forms, but … Read more
Or: The C Language Itself is a Security Risk, Exhibit #958,738 This post is aimed at people who are developers but who do not know C or low-level details … Read more
We successfully deployed ThreadSanitizer in the Firefox project to eliminate data races in our remaining C/C++ components. In the process, we found several impactful bugs and can safely say … Read more
Introduction Mozilla has been fuzzing Firefox and its underlying components for a while. It has proven to be one of the most efficient ways to identify quality and security … Read more
Firefox uses Inter-Process Communication (IPC) to implement privilege separation, which makes it an important cornerstone in our security architecture. A previous blog post focused on fuzzing the C++ side … Read more
In a recent academic publication titled HTTPS-Only: Upgrading all connections to https in Web Browsers (to appear at MadWeb – Measurements, Attacks, and Defenses for the Web) we present … Read more
This blog post is one of several guest blog posts, where we invite participants of our bug bounty program to write about bugs they’ve reported to us. Continuing with … Read more
The Inter-Process Communication (IPC) Layer within Firefox provides a cornerstone in Firefox’ multi-process Security Architecture. Thus, eliminating security vulnerabilities within the IPC Layer remains critical. Within this blogpost we … Read more
This blog post is one of several guest blog posts, where we invite participants of our bug bounty program to write about bugs they’ve reported to us. This is a … Read more