What is a Browser Security Sandbox?! (Learn to Hack Firefox)

Views: 142,312

LiveOverflow

It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!
Long video version (stream Q&A): • Examining JavaScript I...
The Original Article: blog.mozilla.org/attack-and-d...
Fuzzing IPC: blog.mozilla.org/attack-and-d...
Mozilla Bug Bounty: www.mozilla.org/en-US/securit...
00:00 - Intro
01:44 - What is a Process Sandbox?
03:04 - How to Implement a Sandbox?
03:43 - Introducing Inter Process Communication (IPC)
05:17 - Why Browsers Need a Complex Sandbox Architecture
07:19 - Browser Exploitation requires Sandbox Escape
08:42 - Strategy 1: OS Sandbox Implementation Bypass
08:59 - Strategy 2: Attacking the IPC Implementation Layer
09:48 - Strategy 3: IPC Logic Bugs
10:10 - HTML/JS Components in Firefox
11:21 - IPC Messages Implemented in JavaScript
11:58 - Setting Up Firefox Nightly For Debugging
13:20 - alert() IPC Message Handler
14:04 - IPC Message Sender
15:21 - Send Malicious IPC Messages
16:12 - CVE-2019-11708 Prompt:Open Sandbox Escape
17:13 - Outro

Comments: 204
@LiveOverflow 3 years ago
Watch the long version with Q&A and more context on my second channel @LiveUnderflow kzbin.info/www/bejne/jHbEoHd8mdZsa8k
@user-uo8ny1kj4c 3 years ago
you should make a video explaining the difference between arch linux and other linux distros
@1CT1 3 years ago
Accept Jesus Christ as your Lord and Savior and you will be saved. John 3:16 (Share the good news of the gospel around the world!) Have a wonderful rest of your day/night everyone, may the LORD bless you all, and farewell!
@user-uo8ny1kj4c 3 years ago
@1CT1 nobody wants anything to do with your cult
@johanbtheman 3 years ago
I am curious about WebAssembly and sandboxing. Have read something about that multiprocessing of WebAssembly isn't secure in sandboxing. Anyway, I think that wasm is the future. Would be nice if you could do a video about the security concerns.
@stankojankovic 3 years ago
I really liked this one. It was not on the heavy (technical) side. Working in infosec full time, I sometimes don't have the energy to dig through code and do heavy technical lifting in my free time, but some light reading or videos like this one are perfect.
@aniksamiurrahman6365 3 years ago
So this is what the "--no-sandbox" tag in de-googled Chrome means. See, I at least learned one thing from this video, it didn't go entirely over my head, LOL!
@antricks2546 3 years ago
Whoa, Firefox seems like an open book now! (Not like I read it but at least it's open now...) I always thought it's some magic, super 1337 stuff (which is not really typical for me because I normally like to explore software / tech). Thanks for changing my view there. I guess that's an extremely interesting rabbit hole to go down into in the near future.
@otesunki 3 years ago
doown the rabbit hole 🐇
@ChristopherGray00 1 year ago
not that this video isn't good at explaining it but it's been documented for a while also the code was always open to look at
@antricks2546 1 year ago
@ChristopherGray00 Sure, but I didn't even have the idea of looking into it back then. I wrote my comment to express how thankful I was for him to open my eyes there. No one starts out as a genius...
@divakarbisht7951 3 years ago
The way you explain a concept is just super great, loved your videos. Keep up the good work :)
@Jack-fs3pp 3 years ago
I've been watching these videos for a while now, Decided to signup as a patreon! Love it whenever you upload new content! Always quality stuff!
@TracyNorrell 3 years ago
Great stuff. Always glad to see you pop up in my notifications.
@heyserge 3 years ago
You seem like such a chill dude man, gg for being one of the greatest youtube channels in your field
@parthghughriwala6799 3 years ago
Man soo goood!!🍻 You're helping the community as much as you can by making and sharing such content! 🙌
@jordanhanna6884 3 years ago
This is really well delivered and produced, great job with a complex topic!
@thenextbigthing1393 1 year ago
Why is there red color in your name?
@MrTurbo_ 3 years ago
This is really cool! I've just been playing around with reverse engineering websites till now as I'm not familiar with debugging compiled code, but this might be something I'd actually be able to do. I'm definitely going to give this a try!
@alexwhb122 3 years ago
Absolutely fantastic video! I learned so much! Thank you for posting.
@nmnxe 3 years ago
Just wanted to share that the knowledge you are sharing is pure gold!
@mojed6666 3 years ago
I hope he never stops to explain stuff :-)
@FaZeInvite17 3 years ago
Really nice, learned a lot thank you
@crfslickh4x708 3 years ago
Great video as always, although I do miss the drawing and visual examples while explaining things. You still explain things well, but my mind wanders off without the visual part haha.
@ShortHax 3 years ago
Damn, I was thinking the exploit would be Firefox’s old oversimplified logo
@Agent-ew6jw 3 years ago
Firefox old oversimplified logo? Is that a joke or was that supposed to be an idiotic comment? Is there any logic in what you said?
@joachimprz 3 years ago
@Agent-ew6jw Don't be so toxic, it's a joke about Firefox's new logo
@Agent-ew6jw 3 years ago
@joachimprz I am not being rude, I am being logical and I'm being technical and in a technical and rational way. I was worried whether there could be an exploitative method of what the user was talking about. But I now am aware it is a joke or a pawn to refer to the Firefox's new logo.
@PlanetComputer 3 years ago
ok
@otesunki 3 years ago
@kreuner11 pov: you don't understand icons are still oversimplified
@krlst.5977 3 years ago
That was fascinating, great content!
@maurolimaok 1 year ago
I'm still learning Linux and Terminal prior to learning to code, but liked the channel very much! Thanks for the videos!
@gouravkhator 2 years ago
I can't imagine that this type of video is on YouTube. It is worthier than even the paid content on best websites. He has become my idol
@danielfernandes1010 3 years ago
That was an interesting one. Thank you!
@arivanhouten6343 3 years ago
Finally another masterpiece!
@secCheGuevara 3 years ago
This was really cool! Thanks :)
@matthewboyd1834 3 years ago
this is the content I want thank you so much interesting and informative great job
@antoniofranciscorenteribei792 3 years ago
Very well explained thanks!!
@isiraadithya 3 years ago
As Always 👌 Btw, What happened to your fingers?
@dylanlawhon8010 3 years ago
Awesome content, thanks!
@alexeynavalny4732 3 years ago
Very interesting. Expecting more like this
@w3z315 3 years ago
Thanks a lot for this video! Very interesting!
@DaJC87 3 years ago
Another great vid. Thanks a lot
@chittodihoc 3 years ago
Thanks a lot, you gave me more knowledge
@itaybarok9405 1 year ago
Great Video! Sandbox is cool and fun
@mohameai5997 3 years ago
That's the good stuff that I expect from LiveOverflow
@neilthomas5026 2 years ago
Thanks for your amazing content
@leenalkaraki5652 3 years ago
thank you so much for making this video!!!!
@mushenji 3 years ago
Absolutely Awesome
@cksuwarnaraj 3 years ago
really cool brother
@francosnowden6117 3 years ago
Good one. Thx dude
@adihacks3755 3 years ago
Would like to see more sandbox
@sidhantsrivastava7426 3 years ago
Awesome video
@PhoenixClank 3 years ago
When I first found out that a browser's own UI is just more HTML/JS I was shocked, but it actually makes a lot of sense! When you already _have_ a program to render HTML and execute JS, you can just use these technologies to implement the program's own UI, and don't have to rely on whatever toolkit happens to be installed on the OS you're running on.
@balloney2175 3 years ago
Mr. LiveOverflow is very knowledgeable sent from heaven.
@awakeus8080 3 years ago
A very important video
@wellsilver3972 3 years ago
Imagine a sandbox as a walled-in area. Sure, there are gates, but how can you get through the gates? Within the walled-in area you can do whatever you want, however it's a small enough area where you can only do the purpose you're supposed to do. The problem is getting out of the wall
@KarlMaged 3 years ago
Very cool!
@allezvenga7617 3 years ago
Thanks for your sharing
@saklandking9303 3 years ago
Waow awesome video.
@elliot_yoyo 3 years ago
Super interesting thanks
@vladx3539 3 years ago
Mind blowing
@wlockuz4467 3 years ago
I was watching this on Firefox and when you showed dev tools I was confused because I thought my browser just randomly opened dev tools lol
@SB-qm5wg 3 years ago
cool video. ty
@yjk_ch 3 years ago
I am blown away by the fact that web browser itself is written using web technologies.
@gmdzbanwic 2 years ago
Restore session exploit is latest for Firefox, and not many know about it. Essentially, if you turn down the machine via power button or loss of power and it asks to restore the session of a pre-loaded website, the payload loads then. It is similar to the sad face of crashing Chrome sometimes. Yes it is live, yes it is unpatched
@Anonymous-ib7dc 3 years ago
Simply the cleanest video
@RandomGeometryDashStuff 2 years ago
I found a weird bug in the Firefox JavaScript console: if you copy+paste (don't press enter) Function.prototype.call.bind(Function.prototype.call,alert,window,'lol')() it will show an alert without you pressing enter 🙃
@attention_shopping 3 years ago
that's awesome
@EvilSapphireR 2 years ago
I don't understand. So the message loop in the parent process responsible for handling javascript messages coming from the sandboxed processes is implemented in Javascript itself?
@nibirray1877 3 years ago
This browser sandbox model is also there in Electron as it uses the V8 engine, but why does Electron use this sandboxing model when their framework was created to create desktop apps which are supposed to access the filesystem?
@steven-lin 3 years ago
So cool.
@garagedoorvideos 2 years ago
16:23 whoo hooo
@markholm6955 2 years ago
What about known vulnerabilities that are not 0 days but still have not been fixed?
@bradley1995 1 year ago
Java drive bys... I remember having a few of them back in the day.
@hassaannoor 3 years ago
This deserves to be a netflix series.
@SIRBOB102 2 years ago
Firefox also has a lot of rust code now but it might not be used for IPC
@apt0x125 3 years ago
Knowledgeable!
@igorgiuseppe1862 3 years ago
If the browser creates a sandbox for every page it loads, can some attacker "DDOS" the memory for sandbox pointers? I mean, how many sandboxes can a browser really create before it crashes? What if I, for example, put 1 million s for different URLs in the page?
@lekhakaananta5864 3 years ago
Can you turn crashing into a security issue though? Remember that other Liveoverflow video where they decided to "fix" a browser security bug by crashing the browser? Can't steal data or install malware through the browser when the browser is crashed...
@itsfuckingtomboythursday 2 years ago
that's just troll, lol
@alexandremarinhodesouzajun8106 3 years ago
very goood
@sandboxescapersandboxescap4705 3 years ago
Cool
@bennort6035 3 years ago
Hey, what do you think about the BRAVE browser? Is it more/less secure than Firefox/Chrome? I would love to hear your opinion on that browser. Thanks!
@LiveOverflow 3 years ago
It’s just a skin. I prefer using one of the original browsers
@rand0mtv660 3 years ago
Brave is built on Chromium which is what Chrome and new MS Edge use under the hood.
@bennort6035 3 years ago
@LiveOverflow But still it seems to be promoting more security/privacy? Is there some truth behind it or just marketing?
@SapphFire 3 years ago
@bennort6035 To me it seems like just marketing. They've done very shady things behind people's backs, like replacing urls for different sites with their referral urls. They're also funded by a US department of defense contractor, which specializes in big data analytics. In general their for-profit model very much goes against what they claim they stand for, as they can just do a 180 turn once they find something else to be more profitable than privacy/security. They like to act privacy friendly on the surface, but they completely violate what they claim to stand for whenever they can get away with it.
@joshsegarino8468 3 years ago
but why? why would you do that?
@01eksii 7 months ago
so if a website demands me to remove sandbox attribute from the , it wants to hack me, correct?
@RoGiftRBLX 3 years ago
Hey LiveOverflow, what happened to your elbow? It seems to be cut open or something.
@ianthethird420 2 years ago
He was raped, in my opinion
@HarryBallsOnYa345 3 years ago
*shouts in a rage* IFRAAMMEES!
@imyasharya 3 years ago
What are you wearing in your fingers?
@suncrafterspielt9479 3 years ago
Can someone please explain who Freddy is?
@studyshit4418 3 years ago
why are channels like these so underrated. Makes me ask tf god?
@TheVertical92 3 years ago
dafuq 😮 His channel is one of the biggest "tech in detail" channels I know, or even the biggest. I wouldn't say this channel is underrated. I mean it's a niche topic for YT in general.
@studyshit4418 3 years ago
@TheVertical92 I am talking about his views. Subs don't make money. It's the views
@SuperSohaizai 3 years ago
@studyshit4418 because it is less interesting than let's say cat video. Not exactly a joke but yeah because it is a specific area (security) in a specific (IT) field. It is just less appealing to mass public because most people don't care. The ones that do, the numbers are not that big unfortunately
@skylo706 1 year ago
@LiveOverflow Could you, if you're interested in this as well, make a video about Windows 95 vulnerabilities and exploits? Would be very interested in seeing how insecure old systems like this really are compared to today's standards
@advdebug 2 years ago
but I think if all for example s on the page gets its own process this can open Firefox to DoS attacks, but at least my websites credentials are kinda safe.
@dukeetannerpuppypd2275 3 years ago
Thank you my friend I find it highly ironic that I switched back onto your channel here and there was a thumbs-down and I didn't do that. But that's okay I know who is doing it. Follow the money. You're more than welcome to get into anything that you want on my end and sign these mofos. Although I already know who they are. Take care all of my best to you and yours stay blessed
@shapelessed 3 years ago
Mhmm... Now that I watched it and you reminded me how browsers use HTML/JS for their own interfaces I am wondering... How slow would a browser built in Electron actually be... A browser built in... a browser?
@shapelessed 3 years ago
Obviously I'm oversimplifying saying that Electron is "a browser", but whoever worked with it would get the point...
@giacomo.delazzari 3 years ago
You might want to take a look at the Min browser. It's actually quite fast and light. At least it was at the time.. I remember using it on my previous laptop (dual core Celeron with 2GB of RAM) because Chrome was too heavy
@peulleieoyukino6369 3 years ago
take a look at the Discord app :)
@shapelessed 3 years ago
@peulleieoyukino6369 No because that's not the point...
@peulleieoyukino6369 3 years ago
@shapelessed The Discord app is a browser built in Electron. Sure, it does lack a way to search the web, but it can run web pages to a certain extent
@typingcat 2 years ago
Can't the W3C drop from the standard? I don't imagine many legitimate use cases for it.
@gd44481 2 years ago
Ads
@LiveOverflow 2 years ago
s are actually a really great security feature nowadays. Check out sandboxed s.
@cho4d 3 years ago
after watching this, and thinking how long it's been since I clean installed Windows... I'm like... not sure man
@cabonamigo 2 years ago
Can we sandbox the sandbox, and at least guarantee that even if the browser sandbox is compromised, the entire system won't be, in an easy way?
@mattimorottaja8445 1 year ago
use qubes?
@ALZlper 3 years ago
I hope your fingers are doing well.
@skywizard3319 3 years ago
also I think he might have a cat cause of the scratch on his arm
@robertwinking6832 3 years ago
How do I hire your company... I am 100% sandboxed and it's being used to cripple me.
@SrRunsis 3 years ago
Disable adblockers to support this guy!
@Fist_34 3 years ago
Hey bro how about "android exploitation" explanation. :) Plzz
@foxinrot 3 years ago
Browser exploits? *webkit on (game)consoles intensifies*
@soaphornseuo8630 3 years ago
🥰🥰🥰
@TheZenytram 3 years ago
So that's why Firefox is eating RAM as candy now
@itsmeyaw_id 3 years ago
OMG Sauercloud XD
@mohammedibrahimkhan7018 3 years ago
Still here.
@MystixHalo 3 years ago
679th!!
@btarg1 3 years ago
Seeing this just after the news about Firefox being overtaken by Edge... it seems like Firefox is getting a lot of shit recently
@chronically_late 3 years ago
I agree with you on ozone in low concentrations, but to describe ozone in higher concentrations as merely an irritant is a rather large understatement.
@bodyblend 3 years ago
What happened to your right arm
@KangJangkrik 3 years ago
Even browsers do better than our COVID lockdown, oh humanity
@piotrbrzozowski920 3 years ago
What happened to your fingers?
@LiveOverflow 3 years ago
Played too rough in the sandbox
@pewpwnpie 3 years ago
So what happened to your fingers?
@ilanisme3698 3 years ago
I just wonder what happened to your hand.. lol