Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Firefox-
A tale about chained vulnerabilities
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Introduction
●
●
●…
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue I - This is not the activity you were looking for
●
●
■■■
●
●
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue I - Constraints
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue II - Mr. JavascriptYes, I really like Tarantino’s films
●
■
■
● …
■
■
■
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Temporary Solution
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Results
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue II - Constraints
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue III - I know your secrets
●
●
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Solution
●
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Solution
● …
●
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
In short
●
■
■
■
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue IV - One symlink to pwn them all
●
■
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue IV - One symlink to pwn them all
●
●
● …
■
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Issue V - Buy four, get the fifth FREE
●
●
■
●
Copyright © 2013 viaForensics, LLC Training: Intro to viaLab
Firefox Exploit repository