Overview
Explore the world of Firefox extension security in this 57-minute Black Hat conference talk. Delve into the novel extension-reuse vulnerability that allows adversaries to launch stealthy attacks against users. Learn about CROSSFIRE, a lightweight static analyzer for Firefox legacy extensions that automatically discovers vulnerabilities and generates exploit templates. Discover how popular extensions, downloaded by millions of users, contain exploitable extension-reuse vulnerabilities. Examine the impact of these vulnerabilities, challenges in detection, and potential solutions through a comprehensive analysis of extension architecture, threat models, and existing security methods. Gain insights into the effectiveness of malicious extensions in evading detection by extension vetters. Understand the implications for browser security and the importance of addressing these vulnerabilities to protect users' sensitive information and system resources.
Syllabus
Introduction
Agenda
Extensions
Extension Architecture
Threat Model
Existing Methods
Jetpack
Attack Model
Impact
Simple Attack
Challenges
Crossfire
Demo
AST Representation
Global Functions
analyzer
functions
extension folder
secretpets
example
evaluation
working exploits
positive exploits
performance
limitations
Secure Functional Data Sharing
Static Analysis
Conclusions
Taught by
Black Hat