Articles
- Origins, Sites and other Terminologies (Sat 14 January 2023)
- Finding and Fixing DOM-based XSS with Static Analysis (Mon 02 January 2023)
- DOM Clobbering (Mon 12 December 2022)
- New Methods for Cross-Origin Isolation: Resource, Opener & Embedding Policies with COOP, COEP, CORP and CORB (Thu 10 November 2022)
- Reference Sheet for Principals in Mozilla Code (Mon 03 August 2020)
- Hardening Firefox against Injection Attacks – The Technical Details (Tue 07 July 2020)
- Understanding Web Security Checks in Firefox (Part 1) (Wed 10 June 2020)
- Help Test Firefox's built-in HTML Sanitizer to protect against UXSS bugs (Fri 06 December 2019)
- Remote Code Execution in Firefox beyond memory corruptions (Sun 29 September 2019)
- XSS in The Digital #ClimateStrike Widget (Mon 23 September 2019)
- Chrome switching the XSSAuditor to filter mode re-enables old attack (Fri 10 May 2019)
- Challenge Write-up: Subresource Integrity in Service Workers (Sat 25 March 2017)
- Finding the SqueezeBox Radio Default SSH Password (Fri 02 September 2016)
- New CSP directive to make Subresource Integrity mandatory (`require-sri-for`) (Thu 02 June 2016)
- Firefox OS apps and beyond (Tue 12 April 2016)
- Teacher's Pinboard Write-up (Wed 02 December 2015)
- A CDN that can not XSS you: Using Subresource Integrity (Sun 19 July 2015)
- The Twitter Gazebo (Sat 18 July 2015)
- German Firefox 1.0 ad (OCR) (Sun 09 November 2014)
- My thoughts on Tor appliances (Tue 14 October 2014)
- Subresource Integrity (Sun 05 October 2014)
- Revoke App Permissions on Firefox OS (Sun 24 August 2014)
- (Self) XSS at Mozilla's internal Phonebook (Fri 23 May 2014)
- Tales of Python's Encoding (Mon 17 March 2014)
- On the X-Frame-Options Security Header (Thu 12 December 2013)
- html2dom (Tue 24 September 2013)
- Security Review: HTML sanitizer in Thunderbird (Mon 22 July 2013)
- Week 29 2013 (Sun 21 July 2013)
- The First Post (Tue 16 July 2013)