Title | Hardening Firefox against Injection Attacks |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Kerschbaumer, C., Ritter, T., Braun, F. |
Conference Name | 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
Date Published | sep |
Keywords | authoring languages, browser security, Browsers, Cross Site Scripting, CSS, Firefox, Hardening, HTML, Human Behavior, hypermedia markup languages, information retrieval, injection attacks, Internet, JavaScript, online front-ends, Operating systems, pubcrawl, real-world security vulnerabilities, resilience, Resiliency, Runtime, Scalability, security, security of data, Universal Cross-site Scripting, untrusted Web content, user interface, user interfaces, Web browsers display content, Web pages, web security, Web security model, Web sites, World Wide Web |
Abstract | Web browsers display content in the form of HTML, CSS and JavaScript retrieved from the world wide web. The loaded content is subject to the web security model and considered untrusted and potentially malicious. To complicate security matters, Firefox uses the same technologies to render its user interface as it does to render untrusted web content which blurs the distinction between the two privilege levels. Getting interactions between the two correct turns out to be complicated and has led to numerous real-world security vulnerabilities. We study those vulnerabilities to discover common threats and explain how we address them systematically to harden Firefox. |
DOI | 10.1109/EuroSPW51379.2020.00094 |
Citation Key | kerschbaumer_hardening_2020 |