Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Automated Detection of Firefox Extension-Reuse Vulnerabilities

Black Hat via YouTube

Overview

Explore the world of Firefox extension security in this 57-minute Black Hat conference talk. Delve into the novel extension-reuse vulnerability that allows adversaries to launch stealthy attacks against users. Learn about CROSSFIRE, a lightweight static analyzer for Firefox legacy extensions that automatically discovers vulnerabilities and generates exploit templates. Discover how popular extensions, downloaded by millions of users, contain exploitable extension-reuse vulnerabilities. Examine the impact of these vulnerabilities, challenges in detection, and potential solutions through a comprehensive analysis of extension architecture, threat models, and existing security methods. Gain insights into the effectiveness of malicious extensions in evading detection by extension vetters. Understand the implications for browser security and the importance of addressing these vulnerabilities to protect users' sensitive information and system resources.

Syllabus

Introduction
Agenda
Extensions
Extension Architecture
Threat Model
Existing Methods
Jetpack
Attack Model
Impact
Simple Attack
Challenges
Crossfire
Demo
AST Representation
Global Functions
analyzer
functions
extension folder
secretpets
example
evaluation
working exploits
positive exploits
performance
limitations
Secure Functional Data Sharing
Static Analysis
Conclusions

Taught by

Black Hat

Reviews

Start your review of Automated Detection of Firefox Extension-Reuse Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.