Conference Venue: RAI Amsterdam, Europaplein 24, 1078 GZ Amsterdam, The Netherlands

Book Hotel click HERE
Back To Schedule
Thursday, September 26 • 10:15am - 11:00am
Remote Code Execution in Firefox Beyond Memory Corruptions

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Browsers are complicated enough to have attack surface beyond memory safety issues. This talk will look into injection flaws in the user interface of Mozilla Firefox, which is implemented in JS, HTML, and an XML-dialect called XUL. With an Cross-Site Scripting (XSS) in the user interface attackers can execute arbitrary code in the context of the main browser application process. This allows for cross-platform exploits of high reliability. The talk discusses past vulnerabilities and will also suggest mitigations that benefit Single Page Applications and other platforms that may suffer from DOM-based XSS, like Electron.


Frederik Braun

Frederik Braun defends Mozilla Firefox as a Staff Security Engineer in Berlin. Besides enhancing the browser, he has also been involved in web and mobile security. Frederik contributes to the W3C Web Application Security Working Group and co-authored the Subresource Integrity standard... Read More →

Thursday September 26, 2019 10:15am - 11:00am CEST