Insights into HTTPS-Only Mode
In a recent academic publication titled HTTPS-Only: Upgrading all connections to https in Web Browsers (to appear at MadWeb – Measurements, Attacks, and Defenses for the Web) we present … Read more
Christoph Kerschbaumer
Effectively Fuzzing the IPC Layer in Firefox
The Inter-Process Communication (IPC) Layer within Firefox provides a cornerstone in Firefox’ multi-process Security Architecture. Thus, eliminating security vulnerabilities within the IPC Layer remains critical. Within this blogpost we … Read more
Understanding Web Security Checks in Firefox (Part 2)
This is the second and final part of a blog post series that explains how Firefox implements Web Security fundamentals, like the Same-Origin Policy and Content-Security-Policy. While the first … Read more
Hardening Firefox against Injection Attacks – The Technical Details
In a recent academic publication titled Hardening Firefox against Injection Attacks (to appear at SecWeb – Designing Security for the Web) we describe techniques which we have incorporated into … Read more
Understanding Web Security Checks in Firefox (Part 1)
This is the first part of a blog post series that will allow you to understand how Firefox implements Web Security fundamentals, like the Same-Origin Policy. This first post of … Read more