What is a Browser Security Sandbox?! (Learn to Hack Firefox)

zerodium is a fucking scam. they pay up to x amount of money, so they'll usually pay around 10-20k for a 100k exploit

Have been using Sandboxie for over a decade. So far so good. No malware, at least according to herdProtect (free), Kasperski Virus Removal Tool (free), Hitman Pro (free) Windows Defender (free), and Malwarebytes Premium (two year license discount).
I prefer Sandbosie Classic to the Plus version, maybe out of habit.

funny, i saw this video a while ago, but i just barely watched ....now im watching again because i found a bug totally accidental that crash firefox,; the question now is if its exploitable...

sound like a foreign language to me lol

@LiveOverflow Could you, if you're interested in this as well, make a video about windows 95 vulnerabilities and exploits? Would be very interested in seeing how insecure old systems like this really are compared to todays standards

I'm still learning Linux and Terminal prior to learn to code, but liked the channel very much!
Thanks for the videos!

Great Video!
Sandbox is cool and fun

Java drive bys... I remember having a few of them back in the day.

Firefox also has a lot of rust code now but it might not be used for IPC

Can't the W3C drop iframe from the standard? I don't imagine many legitimate use cases for it.

but i think if all for example iframes on the page gets it's own process this can open firefox to DoS attacks, but at least my websites credentials are kinda safe.

Firefox is useless shit!

What about known vulnerabilities that are not 0 days but still have not been fixed?

restore session exploit is latest for firefox. and not many know about it essentialy if u turn down machine via power button or loss of power and it asks to restore session of pre-loaded website the payload loads then. it is similar to the sad face of crashing chrome sometimes. yes it is live yes it is unpatched

Thanks for your amazing content

Sounds like the ps4 hacking scene

Great! Thanks for sharing your expertise on this. I will now stop browsing the intrawebbs forever. Bye!

Can we sandbox the sandbox, and at least garantee that even if the browser sandbox is compromised, the entire system won't, in a Easy Way ?

I don't understand. So the message loop in the parent process responsible for handling javascript messages coming from the sandboxed processes is implemented in Javascript itself?

Mind blowing

but why? why would you do that?

really cool brother

Imagine a sandbox as a walled in area, sure there are gates but how can you get through the gates? Within the walled in area you can do whatever you want, however its a small enough area where you can only do the purpose your suppost to do. The problem is getting out of the wall

So thats why FireFox are eating ram as candy now

This deserves to be a netflix series.

Kqkqkqkqkqkkqkqkq

OMG Sauercloud XD

Mr. LiveOverflow is very knowledgeable sent from heaven.

Me who took only a few classes of Coding during HS, oh yes the javascript engine

madalType 3?

even the devtools are html+css+js

very goood

How do I hire your company... I am 100% sandboxed and its being used to cripple me.

Accept Jesus Christ as your Lord and Savior and you will be saved. John 3:16 (Share the good news of the gospel around the world!)...... ,,..

Have a wonderful rest of your day/night everyone, may the LORD bless you all, and farewell!.,,, ,,,,.. ,,,,,

after watching this, and thinking how long its been since i clean installed windows... im like... not sure man

Firefox: sharing tips of how to find vulnerabilities to make their browser more secure over time

Hacker: uses tips and sell vulnerabilities to a foreign goverment

Firefox:
⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿
⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿
⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿
⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿
⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿

if the browser create an sandbox for every page it loads, can some attacker "DDOS" the memory for sandbox pointers?
i mean, how many sandboxes can an browser realy create before it crashes?
what if i for example, put 1 million iframes for different urls in the page?

cool video. ty

chrome:// stuff is shiny stuff

Very cool!

Hey bro how about "android exploitation" explanation. :) Plzz

Disable adblockers to support this guy!

Firefox in JS is like

Seeing this just after the news about Firefox being overtaken by Edge... it seems like Firefox is getting a lot of shit recently

I've been watching these videos for a while now, Decided to signup as a patreon! Love it whenever you upload new content! Always quality stuff!

Man soo goood!!🍻
You're helping the community sd much as you can by making and sharing such content! 🙌