What is a Browser Security Sandbox?! (Learn to Hack Firefox)
Вставка
- Опубліковано 27 лип 2024
- It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!
Long video version (stream Q&A): • Examining JavaScript I...
The Original Article: blog.mozilla.org/attack-and-d...
Fuzzing IPC: blog.mozilla.org/attack-and-d...
Mozilla Bug Bounty: www.mozilla.org/en-US/securit...
00:00 - Intro
01:44 - What is a Process Sandbox?
03:04 - How to Implement a Sandbox?
03:43 - Introducing Inter Process Communication (IPC)
05:17 - Why Browsers Need a Complex Sandbox Architecture
07:19 - Browser Exploitation requires Sandbox Escape
08:42 - Strategy 1: OS Sandbox Implementation Bypass
08:59 - Strategy 2: Attacking the IPC Implementation Layer
09:48 - Strategy 3: IPC Logic Bugs
10:10 - HTML/JS Components in Firefox
11:21 - IPC Messages Implemented in JavaScript
11:58 - Setting Up Firefox Nightly For Debugging
13:20 - alert() IPC Message Handler
14:04 - IPC Message Sender
15:21 - Send Malicious IPC Messages
16:12 - CVE-2019-11708 Prompt:Open Sandbox Escape
17:13 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow - Наука та технологія
![Lp. Последняя Реальность #107 РОДНОЙ ДОМ [Финал] • Майнкрафт](http://i.ytimg.com/vi/IK3QKzKUlHM/mqdefault.jpg)
Watch the long version with Q&A and more context on my second channel @LiveUnderflow ua-cam.com/video/VEaoDFdq95g/v-deo.html
you should make a video explaining the difference between arch linux and other linux distros
Accept Jesus Christ as your Lord and Savior and you will be saved. John 3:16 (Share the good news of the gospel around the world!)...... ,,..
Have a wonderful rest of your day/night everyone, may the LORD bless you all, and farewell!.,,, ,,,,.. ,,,,,
@@1CT1 nobody wants anything to do with your cult
I am curious about webassembly and sandboxing. Have read something about that multiprocessing of webassembly isnt secure in sandboxing. Anyway i Think that wasm is the future. Would be Nice if you could do a video about the security concerns.
So this is what the "--no-sandbox" tag in de-googled Chrome means. See, I at least learned one thing from this video, it didn't go entirely over my head, LOL!
I really liked this one. It was not on the heavy (technical) side. Working in infosec full time, I sometimes don't have the energy to dig through code and do heavy technical lifting in my free time, but some light reading or videos like this one are perfect.
Whoa, Firefox seems like an open book now! (Not like I read it but at least it's open now...) I always thought it's some magic, super 1337 stuff (which is not really typical for me because I normally like to explore software / tech). Thanks for changing my view there. I guess that's an extremely interesting rabbit hole to go down into in the near future.
doown the rabbit hole 🐇
not that this video isn't good at explaining it but it's been documented for a while also the code was always open to look at
@@ChristopherGray00 Sure, but I didn't even have the idea of looking into it back then. I wrote my comment to express how thankful I was for him to open my eyes there. No one starts out as a genius...
The way you explain a Concept Is Just Super Great, loved your videos Keep up the Good work :)
I've been watching these videos for a while now, Decided to signup as a patreon! Love it whenever you upload new content! Always quality stuff!
Great stuff. Always glad to see you pop up in my notifications.
Damn, I was thinking the exploit would be Firefox’s old oversimplified logo
Firefox old oversimplified logo? Is that a joke or was that supposed to be a idiotic comment?
Is there any logic in what you said?
@@Agent-ew6jw Don't be so toxic it's a joke about Firefoxes new Logo
@@joachimprz I am not being rude I am being logical and I'm being technical and in a technical and rational way.
I was worried whether there could be a exploitative method of what the user was talking about.
But I now am aware it is a joke or a pawn to refer to the firefox's new logo.
ok
@@kreuner11 pov: you dont understand icons are still oversimplified
You seem like such a chill dude man, gg for being one of the greatest youtube channels in your field
Man soo goood!!🍻
You're helping the community sd much as you can by making and sharing such content! 🙌
This is really well delivered and produced, great job with a complex topic!
Why is there red color in your name?
This is really cool! i've just been playing around with reverse engineering websites till now as i'm not familiar with debugging compiled code but this might be something i'd actually be able to do, i'm definitely going to give this a try!
Absolutely fantastic video! I learned so much! Thank you for posting.
I hope he never stops to explain stuff :-)
Really nice, learned a lot thank you
Just wanted to share that the knowledge you are sharing is pure gold!
That was fascinatingly, great content!
Great video as always, although I do miss the drawing and visual examples while explaining things. You still explain things well, but my mind wanders off without the visual part haha.
I can't imagine that this type of videos are in youtube. It is worthier than even the paid content on best websites. He has become my idol
As Always 👌
Btw, What happened to your fingers?
Finally another masterpiece!
That was an interesting one. Thank you!
This was really cool! Thanks :)
I'm still learning Linux and Terminal prior to learn to code, but liked the channel very much!
Thanks for the videos!
When I first found out that a browser's own UI is just more HTML/JS I was shocked, but it actually makes a lot of sense! When you already _have_ a program to render HTML and execute JS, you can just use these technologies to implement the program's own UI, and don't have to rely on whatever toolkit happens to be installed on the OS you're running on.
Very well explained thanks!!
this is the content I want thank you so much interesting and informative great job
Awesome content, thanks!
very intresting.
expecting more like this
Another great vid. Thanks a lot
Thanks a lot for this video! Very interesting!
Thanks for your amazing content
Great Video!
Sandbox is cool and fun
thank a lot, you gave me more knowledge
thank you so much for making this video!!!!
that's the good stuff that i expect from live over flow
Good one. Thx dude
Absolutely Awesome
Mr. LiveOverflow is very knowledgeable sent from heaven.
really cool brother
I am blown away by the fact that web browser itself is written using web technologies.
Would like to see more sandbox
A very important video
I was watching this on Firefox and when you showed dev tools I was confused because I thought my browser just randomly opened dev tools lol
This deserves to be a netflix series.
Awesome video
Very cool!
Thanks for your sharing
Super interesting thanks
I don't understand. So the message loop in the parent process responsible for handling javascript messages coming from the sandboxed processes is implemented in Javascript itself?
cleanes video einfach nur
cool video. ty
Waow awesome video.
Mind blowing
I found weird bug in firefox javascript console: if you copy+paste (don't press enter)
Function.prototype.call.bind(Function.prototype.call,alert,window,'lol')()
if will show alert without you pressing enter 🙃
restore session exploit is latest for firefox. and not many know about it essentialy if u turn down machine via power button or loss of power and it asks to restore session of pre-loaded website the payload loads then. it is similar to the sad face of crashing chrome sometimes. yes it is live yes it is unpatched
Imagine a sandbox as a walled in area, sure there are gates but how can you get through the gates? Within the walled in area you can do whatever you want, however its a small enough area where you can only do the purpose your suppost to do. The problem is getting out of the wall
Knowledgeable!
that's awesome
Java drive bys... I remember having a few of them back in the day.
but why? why would you do that?
So cool.
why are channels like these so underrated. Makes me ask tf god?
dafuq 😮
His channel is one of the biggest "tech in detail" channels i know, or even the biggest.
I wouldnt say this channel is underrated. I mean its a niche topic for YT in general.
@@TheVertical92 I am talking about his views. Subs don't make money. It's the views
@@studyshit4418 because it is less interesting than let's say cat video. Not exactly a joke but yeah because it is a specific area (security) in a specific (IT) field. It is just less appealing to mass public because most people don't care. The ones that do, the numbers are not that big unfortunately
this browser sandbox model is also there in electron as it uses the V8 engine but why do electron uses this sand boxing model when there framework was created to create desktop apps which are supposed to access the filesystem
very goood
16:23 whoo hooo
*shouts in a rage* IFRAAMMEES!
so if a website demands me to remove sandbox attribute from the , it wants to hack me, correct?
What are you wearing in your fingers?
Mhmm... Now that I watched it and you reminded me how browsers use HTML/JS for their own interfaces I am wondering...
How slow would a browser built in Electron actually be...
A browser built in... a browser?
Obviously I'm oversimplifying saying that Electron is "a browser", but whoever worked with it would get the point...
You might want to take a look at the Min browser. It's actually quite fast and light. At least it was at the time.. I remember using it on my previous laptop (dual core Celeron with 2GB of RAM) because Chrome was too heavy
take a look at the Discord app :)
@@peulleieoyukino6369 No because that's not the point...
@@shapelessed The Discord app is a browser built in electron
sure it does lack a way to search the web, but it can run web pages to a certain extent
So thats why FireFox are eating ram as candy now
Firefox also has a lot of rust code now but it might not be used for IPC
@LiveOverflow Could you, if you're interested in this as well, make a video about windows 95 vulnerabilities and exploits? Would be very interested in seeing how insecure old systems like this really are compared to todays standards
Disable adblockers to support this guy!
if the browser create an sandbox for every page it loads, can some attacker "DDOS" the memory for sandbox pointers?
i mean, how many sandboxes can an browser realy create before it crashes?
what if i for example, put 1 million s for different urls in the page?
Can you turn crashing into a security issue though? Remember that other Liveoverflow video where they decided to "fix" a browser security bug by crashing the browser? Can't steal data or install malware through the browser when the browser is crashed...
that's just troll, lol
What about known vulnerabilities that are not 0 days but still have not been fixed?
I hope your fingers are doing well.
also i think he might have a cat cause of the scrtach on his arm
Browser exploits?
*webkit on (game)consoles intensifies*
Hey, what do you think about the BRAVE browser? Is it more/less secure than Firefox/Chrome? I would love to hear your opinion on that browser. Thanks!
It’s just a skin. I prefer using one of the original broesers
Brave is built on Chromium which is what Chrome and new MS Edge use under the hood.
@@LiveOverflow But still it seems to be promoting more security/privacy? Is there some truth behind it or just marketing?
@@bennort6035 To me it seems like just marketing. They've done very shady things behind people's backs, like replacing urls for different sites with their referral urls. They're also funded by a US department of defense contractor, which specializes in big data analytics. In general their for-profit model very much goes against what they claim they stand for, as they can just do a 180 turn once they find something else to be more profitable than privacy/security.
They like to act privacy friendly on the surface, but they completely violate what they claim to stand for whenever they can get away with it.
Cool
How do I hire your company... I am 100% sandboxed and its being used to cripple me.
Hey LiveOverflow, what happened to your elbow? It seems to be cut open or something.
È stato stuprato secondo me
Thank you my friend I find it highly ironic that I switched back onto your channel here and there was a thumbs-down and I didn't do that. But that's okay I know who is doing it. Follow the money. You're more than welcome to get into anything that you want on my end and sign these mofos. Although I already know who they are. Take care all of my best to you and yours stay blessed
Can someone please explain who Freddy is?
after watching this, and thinking how long its been since i clean installed windows... im like... not sure man
but i think if all for example s on the page gets it's own process this can open firefox to DoS attacks, but at least my websites credentials are kinda safe.
I agree with you on ozone in low concentrations, but to describe ozone in higher concentrations as merely an irritant is a rather large understatement.
Seeing this just after the news about Firefox being overtaken by Edge... it seems like Firefox is getting a lot of shit recently
Hey bro how about "android exploitation" explanation. :) Plzz
Can't the W3C drop from the standard? I don't imagine many legitimate use cases for it.
Ads
s are actually a really great security feature nowadays. Checkout sandboxed s.
Still here.
Can we sandbox the sandbox, and at least garantee that even if the browser sandbox is compromised, the entire system won't, in a Easy Way ?
use qubes?
🥰🥰🥰
i just wonder what happened to your hand.. lol
Firefox users:
Current objective: survive
679th!!
OMG Sauercloud XD
Even browser do better than our COVID lockdown
oh humanity
Me who took only a few classes of Coding during HS, oh yes the javascript engine
What happened to your fingers?
Played too rough in the sandbox