April 22, 2010
For the last year, we have been focusing on Firefox Extension security and we have now released a research paper and an addendum on the topic of Cross Contex Scripting (XCS).
The research paper "Cross Context Scripting with Firefox" demonstrates different ways of attacking Firefox extensions via Cross Context Scripting (XCS) vulnerabilities.
Several XCS cases are detailed, including vulnerable extension code and exploit.

Whitepaper: Cross Context Scripting with Firefox - download (PDF)

The addendum "Exploiting Cross Context Scripting vulnerabilities in Firefox" includes a number of exploits tailored for Cross Context Scripting vulnerabilities.

Addendum: Exploiting Cross Context Scripting vulnerabilities in Firefox - download (PDF)

Share - permalink - Comment/Contact me