Despite all the efforts of fixing Cross-Site Scripting (XSS) on the web, it continuously ranks as one of the most dangerous security issues in software. In particular, DOM-based XSS is … Read more
Firefox uses Inter-Process Communication (IPC) to implement privilege separation, which makes it an important cornerstone in our security architecture. A previous blog post focused on fuzzing the C++ side … Read more
This blog post is one of several guest blog posts, where we invite participants of our bug bounty program to write about bugs they’ve reported to us. Background In … Read more
This is the second and final part of a blog post series that explains how Firefox implements Web Security fundamentals, like the Same-Origin Policy and Content-Security-Policy. While the first … Read more
In a recent academic publication titled Hardening Firefox against Injection Attacks (to appear at SecWeb – Designing Security for the Web) we describe techniques which we have incorporated into … Read more
This is the first part of a blog post series that will allow you to understand how Firefox implements Web Security fundamentals, like the Same-Origin Policy. This first post of … Read more
This post first appeared on the Mozilla Security Blog I recently gave a talk at OWASP Global AppSec in Amsterdam and summarized the presentation in a blog post about how … Read more
This is the blog post version of my presentation form OWASP Global AppSec in Amsterdam 2019. It was presented in the AllStars Track. Abstract: Browsers are complicated enough to have … Read more