What is a Browser Security Sandbox?! (Learn to Hack Firefox)

What is a Browser Security Sandbox?! (Learn to Hack Firefox) https://stream.echo6.co/videos/watch/333f11e0-5f17-446e-83b7-9d12345707e3 It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try! Long video version (stream Q&A): https://www.youtube.com/watch?v=VEaoDFdq95g The Original Article: https://blog.mozilla.org/attack-and-defense/2021/04/27/examining-javascript-inter-process-communication-in-firefox/ Fuzzing IPC: https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/ Mozilla Bug Bounty: https://www.mozilla.org/en-US/security/client-bug-bounty/ 00:00 - Intro 01:44 - What is a Process Sandbox? 03:04 - How to Implement a Sandbox? 03:43 - Introducing Inter Process Communication (IPC) 05:17 - Why Browsers Need a Complex Sandbox Architecture 07:19 - Browser Exploitation requires Sandbox Escape 08:42 - Strategy 1: OS Sandbox Implementation Bypass 08:59 - Strategy 2: Attacking the IPC Implementation Layer 09:48 - Strategy 3: IPC Logic Bugs 10:10 - HTML/JS Components in Firefox 11:21 - IPC Messages Implemented in JavaScript 11:58 - Setting Up Firefox Nightly For Debugging 13:20 - alert() IPC Message Handler 14:04 - IPC Message Sender 15:21 - Send Malicious IPC Messages 16:12 - CVE-2019-11708 Prompt:Open Sandbox Escape 17:13 - Outro -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ Mon, 13 Apr 2026 11:50:35 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co What is a Browser Security Sandbox?! (Learn to Hack Firefox) https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/333f11e0-5f17-446e-83b7-9d12345707e3 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.