Visible to the public Hardening Firefox against Injection Attacks

TitleHardening Firefox against Injection Attacks
Publication TypeConference Paper
Year of Publication2020
AuthorsKerschbaumer, C., Ritter, T., Braun, F.
Conference Name2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW)
Date Publishedsep
Keywordsauthoring languages, browser security, Browsers, Cross Site Scripting, CSS, Firefox, Hardening, HTML, Human Behavior, hypermedia markup languages, information retrieval, injection attacks, Internet, JavaScript, online front-ends, Operating systems, pubcrawl, real-world security vulnerabilities, resilience, Resiliency, Runtime, Scalability, security, security of data, Universal Cross-site Scripting, untrusted Web content, user interface, user interfaces, Web browsers display content, Web pages, web security, Web security model, Web sites, World Wide Web
AbstractWeb browsers display content in the form of HTML, CSS and JavaScript retrieved from the world wide web. The loaded content is subject to the web security model and considered untrusted and potentially malicious. To complicate security matters, Firefox uses the same technologies to render its user interface as it does to render untrusted web content which blurs the distinction between the two privilege levels.Getting interactions between the two correct turns out to be complicated and has led to numerous real-world security vulnerabilities. We study those vulnerabilities to discover common threats and explain how we address them systematically to harden Firefox.
Citation Keykerschbaumer_hardening_2020