What is a Browser Security Sandbox?! (Learn to Hack Firefox)

Рет қаралды 144,480

Күн бұрын

Пікірлер: 203

@LiveOverflow 3 жыл бұрын

Watch the long version with Q&A and more context on my second channel @LiveUnderflow kzbin.info/www/bejne/jHbEoHd8mdZsa8k

@user-uo8ny1kj4c 3 жыл бұрын

you should make a video explaining the difference between arch linux and other linux distros

@1CT1 3 жыл бұрын

Accept Jesus Christ as your Lord and Savior and you will be saved. John 3:16 (Share the good news of the gospel around the world!)...... ,,.. Have a wonderful rest of your day/night everyone, may the LORD bless you all, and farewell!.,,, ,,,,.. ,,,,,

@user-uo8ny1kj4c 3 жыл бұрын

@@1CT1 nobody wants anything to do with your cult

@johanbtheman 3 жыл бұрын

I am curious about webassembly and sandboxing. Have read something about that multiprocessing of webassembly isnt secure in sandboxing. Anyway i Think that wasm is the future. Would be Nice if you could do a video about the security concerns.

@stankojankovic 3 жыл бұрын

I really liked this one. It was not on the heavy (technical) side. Working in infosec full time, I sometimes don't have the energy to dig through code and do heavy technical lifting in my free time, but some light reading or videos like this one are perfect.

@rattatteb 3 жыл бұрын

Whoa, Firefox seems like an open book now! (Not like I read it but at least it's open now...) I always thought it's some magic, super 1337 stuff (which is not really typical for me because I normally like to explore software / tech). Thanks for changing my view there. I guess that's an extremely interesting rabbit hole to go down into in the near future.

@otesunki 3 жыл бұрын

doown the rabbit hole 🐇

@ChristopherGray00 Жыл бұрын

not that this video isn't good at explaining it but it's been documented for a while also the code was always open to look at

@rattatteb Жыл бұрын

@@ChristopherGray00 Sure, but I didn't even have the idea of looking into it back then. I wrote my comment to express how thankful I was for him to open my eyes there. No one starts out as a genius...

@aniksamiurrahman6365 3 жыл бұрын

So this is what the "--no-sandbox" tag in de-googled Chrome means. See, I at least learned one thing from this video, it didn't go entirely over my head, LOL!

@ShortHax 3 жыл бұрын

Damn, I was thinking the exploit would be Firefox’s old oversimplified logo

@Agent-ew6jw 3 жыл бұрын

Firefox old oversimplified logo? Is that a joke or was that supposed to be a idiotic comment? Is there any logic in what you said?

@joachimprz 3 жыл бұрын

@@Agent-ew6jw Don't be so toxic it's a joke about Firefoxes new Logo

@Agent-ew6jw 3 жыл бұрын

@@joachimprz I am not being rude I am being logical and I'm being technical and in a technical and rational way. I was worried whether there could be a exploitative method of what the user was talking about. But I now am aware it is a joke or a pawn to refer to the firefox's new logo.

@PlanetComputer 3 жыл бұрын

@otesunki 3 жыл бұрын

@@kreuner11 pov: you dont understand icons are still oversimplified

@divakarbisht7951 3 жыл бұрын

The way you explain a Concept Is Just Super Great, loved your videos Keep up the Good work :)

@isiraadithya 3 жыл бұрын

As Always 👌 Btw, What happened to your fingers?

@Jack-fs3pp 3 жыл бұрын

I've been watching these videos for a while now, Decided to signup as a patreon! Love it whenever you upload new content! Always quality stuff!

@PhoenixClank 3 жыл бұрын

When I first found out that a browser's own UI is just more HTML/JS I was shocked, but it actually makes a lot of sense! When you already _have_ a program to render HTML and execute JS, you can just use these technologies to implement the program's own UI, and don't have to rely on whatever toolkit happens to be installed on the OS you're running on.

@gouravkhator 3 жыл бұрын

I can't imagine that this type of videos are in youtube. It is worthier than even the paid content on best websites. He has become my idol

@heyserge 3 жыл бұрын

You seem like such a chill dude man, gg for being one of the greatest youtube channels in your field

@MrTurbo_ 3 жыл бұрын

This is really cool! i've just been playing around with reverse engineering websites till now as i'm not familiar with debugging compiled code but this might be something i'd actually be able to do, i'm definitely going to give this a try!

@TracyNorrell 3 жыл бұрын

Great stuff. Always glad to see you pop up in my notifications.

@yjk_ch 3 жыл бұрын

I am blown away by the fact that web browser itself is written using web technologies.

@hassaannoor 3 жыл бұрын

This deserves to be a netflix series.

@parthghughriwala6799 3 жыл бұрын

Man soo goood!!🍻 You're helping the community sd much as you can by making and sharing such content! 🙌

@balloney2175 3 жыл бұрын

Mr. LiveOverflow is very knowledgeable sent from heaven.

@RandomGeometryDashStuff 3 жыл бұрын

I found weird bug in firefox javascript console: if you copy+paste (don't press enter) Function.prototype.call.bind(Function.prototype.call,alert,window,'lol')() if will show alert without you pressing enter 🙃

@jordanhanna6884 3 жыл бұрын

This is really well delivered and produced, great job with a complex topic!

@ٴٴٴٴۥۥٴٴٴٴۥۥٴٴٴٴۥۥٴٴٴٴۥۥٴٴٴٴٴٴ Жыл бұрын

Why is there red color in your name?

@FaZeInvite17 3 жыл бұрын

Really nice, learned a lot thank you

@gmdzbanwic 3 жыл бұрын

restore session exploit is latest for firefox. and not many know about it essentialy if u turn down machine via power button or loss of power and it asks to restore session of pre-loaded website the payload loads then. it is similar to the sad face of crashing chrome sometimes. yes it is live yes it is unpatched

@arivanhouten6343 3 жыл бұрын

Finally another masterpiece!

@mojed6666 3 жыл бұрын

I hope he never stops to explain stuff :-)

@maurolimaok Жыл бұрын

I'm still learning Linux and Terminal prior to learn to code, but liked the channel very much! Thanks for the videos!

@studyshit4418 3 жыл бұрын

why are channels like these so underrated. Makes me ask tf god?

@TheVertical92 3 жыл бұрын

dafuq 😮 His channel is one of the biggest "tech in detail" channels i know, or even the biggest. I wouldnt say this channel is underrated. I mean its a niche topic for YT in general.

@studyshit4418 3 жыл бұрын

@@TheVertical92 I am talking about his views. Subs don't make money. It's the views

@SuperSohaizai 3 жыл бұрын

@@studyshit4418 because it is less interesting than let's say cat video. Not exactly a joke but yeah because it is a specific area (security) in a specific (IT) field. It is just less appealing to mass public because most people don't care. The ones that do, the numbers are not that big unfortunately

@bradley1995 2 жыл бұрын

Java drive bys... I remember having a few of them back in the day.

@nmnxe 3 жыл бұрын

Just wanted to share that the knowledge you are sharing is pure gold!

@ALZlper 3 жыл бұрын

I hope your fingers are doing well.

@skywizard3319 3 жыл бұрын

also i think he might have a cat cause of the scrtach on his arm

@alexwhb122 3 жыл бұрын

Absolutely fantastic video! I learned so much! Thank you for posting.

@crfslickh4x708 3 жыл бұрын

Great video as always, although I do miss the drawing and visual examples while explaining things. You still explain things well, but my mind wanders off without the visual part haha.

@TheZenytram 3 жыл бұрын

So thats why FireFox are eating ram as candy now

@garagedoorvideos 2 жыл бұрын

16:23 whoo hooo

@wlockuz4467 3 жыл бұрын

I was watching this on Firefox and when you showed dev tools I was confused because I thought my browser just randomly opened dev tools lol

@shapelessed 3 жыл бұрын

Mhmm... Now that I watched it and you reminded me how browsers use HTML/JS for their own interfaces I am wondering... How slow would a browser built in Electron actually be... A browser built in... a browser?

@shapelessed 3 жыл бұрын

Obviously I'm oversimplifying saying that Electron is "a browser", but whoever worked with it would get the point...

@giacomo.delazzari 3 жыл бұрын

You might want to take a look at the Min browser. It's actually quite fast and light. At least it was at the time.. I remember using it on my previous laptop (dual core Celeron with 2GB of RAM) because Chrome was too heavy

@peulleieoyukino6369 3 жыл бұрын

take a look at the Discord app :)

@shapelessed 3 жыл бұрын

@@peulleieoyukino6369 No because that's not the point...

@peulleieoyukino6369 3 жыл бұрын

@@shapelessed The Discord app is a browser built in electron sure it does lack a way to search the web, but it can run web pages to a certain extent

@wellsilver3972 3 жыл бұрын

Imagine a sandbox as a walled in area, sure there are gates but how can you get through the gates? Within the walled in area you can do whatever you want, however its a small enough area where you can only do the purpose your suppost to do. The problem is getting out of the wall

@joshsegarino8468 3 жыл бұрын

but why? why would you do that?

@foxinrot 3 жыл бұрын

Browser exploits? *webkit on (game)consoles intensifies*

@igorgiuseppe1862 3 жыл бұрын

if the browser create an sandbox for every page it loads, can some attacker "DDOS" the memory for sandbox pointers? i mean, how many sandboxes can an browser realy create before it crashes? what if i for example, put 1 million s for different urls in the page?

@lekhakaananta5864 3 жыл бұрын

Can you turn crashing into a security issue though? Remember that other Liveoverflow video where they decided to "fix" a browser security bug by crashing the browser? Can't steal data or install malware through the browser when the browser is crashed...

@itsfuckingtomboythursday 3 жыл бұрын

that's just troll, lol

@imyasharya 3 жыл бұрын

What are you wearing in your fingers?

@SIRBOB102 2 жыл бұрын

Firefox also has a lot of rust code now but it might not be used for IPC

@EvilSapphireR 3 жыл бұрын

I don't understand. So the message loop in the parent process responsible for handling javascript messages coming from the sandboxed processes is implemented in Javascript itself?

@mohameai5997 3 жыл бұрын

that's the good stuff that i expect from live over flow

@itaybarok9405 Жыл бұрын

Great Video! Sandbox is cool and fun

@matthewboyd1834 3 жыл бұрын

this is the content I want thank you so much interesting and informative great job

@adihacks2 3 жыл бұрын

Would like to see more sandbox

@nibirray1877 3 жыл бұрын

this browser sandbox model is also there in electron as it uses the V8 engine but why do electron uses this sand boxing model when there framework was created to create desktop apps which are supposed to access the filesystem

@neilthomas5026 3 жыл бұрын

Thanks for your amazing content

@btarg1 3 жыл бұрын

Seeing this just after the news about Firefox being overtaken by Edge... it seems like Firefox is getting a lot of shit recently

@vladx3539 3 жыл бұрын

Mind blowing

@cksuwarnaraj 3 жыл бұрын

really cool brother

@krlst.5977 3 жыл бұрын

That was fascinatingly, great content!

@typingcat 2 жыл бұрын

Can't the W3C drop from the standard? I don't imagine many legitimate use cases for it.

@gd44481 2 жыл бұрын

Ads

@LiveOverflow 2 жыл бұрын

s are actually a really great security feature nowadays. Checkout sandboxed s.

@chittodihoc 3 жыл бұрын

thank a lot, you gave me more knowledge

@cho4d 3 жыл бұрын

after watching this, and thinking how long its been since i clean installed windows... im like... not sure man

@alexeynavalny4732 3 жыл бұрын

very intresting. expecting more like this

@01eksii 11 ай бұрын

so if a website demands me to remove sandbox attribute from the , it wants to hack me, correct?

@cabonamigo 3 жыл бұрын

Can we sandbox the sandbox, and at least garantee that even if the browser sandbox is compromised, the entire system won't, in a Easy Way ?

@mattimorottaja8445 Жыл бұрын

use qubes?

@antoniofranciscorenteribei792 3 жыл бұрын

Very well explained thanks!!

@danielfernandes1010 3 жыл бұрын

That was an interesting one. Thank you!

@markholm6955 3 жыл бұрын

What about known vulnerabilities that are not 0 days but still have not been fixed?

@suncrafterspielt9479 3 жыл бұрын

Can someone please explain who Freddy is?

@KangJangkrik 3 жыл бұрын

Even browser do better than our COVID lockdown oh humanity

@awakeus8080 3 жыл бұрын

A very important video

@w3z315 3 жыл бұрын

Thanks a lot for this video! Very interesting!

@skylo706 Жыл бұрын

@LiveOverflow Could you, if you're interested in this as well, make a video about windows 95 vulnerabilities and exploits? Would be very interested in seeing how insecure old systems like this really are compared to todays standards

@mushenji 3 жыл бұрын

Absolutely Awesome

@robertwinking6832 3 жыл бұрын

How do I hire your company... I am 100% sandboxed and its being used to cripple me.

@DaJC87 3 жыл бұрын

Another great vid. Thanks a lot

@RoGiftRBLX 3 жыл бұрын

Hey LiveOverflow, what happened to your elbow? It seems to be cut open or something.

@ianthethird420 3 жыл бұрын

È stato stuprato secondo me

@leenalkaraki5652 3 жыл бұрын

thank you so much for making this video!!!!

@secCheGuevara 3 жыл бұрын

This was really cool! Thanks :)

@godnyx117 3 жыл бұрын

Firefox users: Current objective: survive

@andrewgaming012 3 жыл бұрын

Sounds like the ps4 hacking scene

@SrRunsis 3 жыл бұрын

Disable adblockers to support this guy!

@johngrave5554 3 жыл бұрын

Me who took only a few classes of Coding during HS, oh yes the javascript engine

@mohammedibrahimkhan7018 3 жыл бұрын

Still here.

@allezvenga7617 3 жыл бұрын

Thanks for your sharing

@bennort6035 3 жыл бұрын

Hey, what do you think about the BRAVE browser? Is it more/less secure than Firefox/Chrome? I would love to hear your opinion on that browser. Thanks!

@LiveOverflow 3 жыл бұрын

It’s just a skin. I prefer using one of the original broesers

@rand0mtv660 3 жыл бұрын

Brave is built on Chromium which is what Chrome and new MS Edge use under the hood.

@bennort6035 3 жыл бұрын

@@LiveOverflow But still it seems to be promoting more security/privacy? Is there some truth behind it or just marketing?

@SapphFire 3 жыл бұрын

@@bennort6035 To me it seems like just marketing. They've done very shady things behind people's backs, like replacing urls for different sites with their referral urls. They're also funded by a US department of defense contractor, which specializes in big data analytics. In general their for-profit model very much goes against what they claim they stand for, as they can just do a 180 turn once they find something else to be more profitable than privacy/security. They like to act privacy friendly on the surface, but they completely violate what they claim to stand for whenever they can get away with it.

@piotrbrzozowski920 3 жыл бұрын

What happened to your fingers?

@LiveOverflow 3 жыл бұрын

Played too rough in the sandbox

@Anonymous-ib7dc 3 жыл бұрын

cleanes video einfach nur

@Fist_34 3 жыл бұрын

Hey bro how about "android exploitation" explanation. :) Plzz

@francosnowden6117 3 жыл бұрын

Good one. Thx dude

@bodyblend 3 жыл бұрын

What happened to your right arm

@pewpwnpie 3 жыл бұрын

So what happened to your fingers?

@dukeetannerpuppypd2275 3 жыл бұрын

Thank you my friend I find it highly ironic that I switched back onto your channel here and there was a thumbs-down and I didn't do that. But that's okay I know who is doing it. Follow the money. You're more than welcome to get into anything that you want on my end and sign these mofos. Although I already know who they are. Take care all of my best to you and yours stay blessed