An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME types handling and file managers.

Read more…

A dangerous file type association in Debian which could be used to trigger arbitrary code execution.

Read more…

Some sequence diagrams about OAuth 2.x and OpenID Connect.

Read more…

Some context and analysis about attacks on in WebDriver implementations.

Read more…

Some notes about how TLS v1.3 works. This is a follow-up of the previous episode about TLS v1.2. As before, the goal is to have a high-level overview about how the protocol works, what is the role of the different messages and be able to understand (and debug) a network traffic dump.

Read more…

Vulnerabilities in found on the WebDriver endpoints of Selenium Server (Grid).

Read more…

A DNS rebinding vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. This is bug #1652612 and CVE-2021-4138.

Read more…

Some notes about how TLS v1.2 (Transport Layer Security) works. The goal explain what is going on in a network traffic dump, the role of the different TLS extensions, the impact of the different cipher suites on security, etc. It includes several diagrams and many references.

Read more…

I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it is only possible to trigger this from the cross-origin/same-site and not cross-site. In practice, it means it is really only possible to trigger this from another localhost-bound web application.

Read more…

A Cross-Site Request Forgery (CSRF) vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. CVE-2020-15660 has been assigned to this vulnerability. This was fixed by GeckoDriver v0.27.0 in 2020-07-27. This is bug #1648964.

Read more…