MIME-type spoofing in Firefox/Thunderbird and file managers

Published: Mar 7 2023

An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME types handling and file managers.

Browser-based attacks on WebDriver implementations

Published: May 5 2022

Some context and analysis about attacks on in WebDriver implementations.

DNS rebinding vulnerability to RCE in GeckoDriver

Published: Feb 7 2022

A DNS rebinding vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. This is bug #1652612 and CVE-2021-4138.

CSRF to RCE in GeckoDriver

Published: Aug 16 2021

A Cross-Site Request Forgery (CSRF) vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. CVE-2020-15660 has been assigned to this vulnerability. This was fixed by GeckoDriver v0.27.0 in 2020-07-27. This is bug #1648964.

Firefox DoH DNS rebinding protection bypass using IPv4-mapped addresses

Published: Apr 5 2021

I found that the filtering of private IPv4 addresses in the DNS-over-HTTPS (DoH) implementation of Firefox could by bypassed. This is CVE-2020-26961 and Mozilla bug 1672528. It has been fixed in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5.

IP address spoofing in order to watch South Park

Published: Nov 22 2018

Trying to bring back some old IP spoofing Firefox extension for watching South Park episodes.

Updating Firefox OS

Published: Mar 29 2015

I updated a Geeksphone Peak from Firefox OS 1.1 to Firefox OS 2.1 and it was not that easy.

Page 1 of 1 | Previous page | Next page | JSON Feed | Atom Feed