Firefox 0-day in the wild is being used to attack Tor users

It would be nice if browsers would be chrooted by default when installed. It seems no one can make a secure browser these days. They have no reason to need access to the entire file system. Just need a place to store settings, bookmarks and downloads.

I looked into what it takes to chroot it but it's quite involved. Need to actually try it some day.
 
Chrome/Chromium does everything you've mentioned.
 
No, Chrome still allows access to the filesystem, there is no access control yet.

What is needed is a complete web OS that runs in an access controlled VM.

The renderer and plugin processes shouldn't have access to anything. They have to go through the broker process.

On Windows they run at an untrusted integrity level which cannot access anything.
 
Privilege escalation exploits. These things happen all the time, especially in Windows. What needs to happen is that browsers need to be truly sandboxed, like a VM or chroot. Suppose you could just do that yourself and run it in a VM though. There could be a network share for the bookmarks and downloads, and the VM itself is set up so it just goes back to a preset each time it's loaded. So even if it gets infected you just restart it. Ideally it would need to be fairly seamless though.
 
What needs to happen is that browsers need to be truly sandboxed, like a VM or chroot.

Unless you're using grsecurity, a chroot is not like a jail on Linux. Privilege escalations are not exclusive to Windows. They happen everywhere. That doesn't mean you should just give up and not practice defense in depth. Chrome/Chromium does basically everything it can short of running in a VM. Just look at all the crap it can block with win32k lockdown enabled for Flash on Windows 10; we're talking defeating classes of exploits.

I'm pretty sure Chrome/Chromium does use chroot on Linux.
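Added example, not part of any post in this thread and not code from any browser project: one way to check on Linux which confinement layers a browser process actually has, rather than relying on a chroot alone. It reads the standard `Seccomp`, `NoNewPrivs` and `CapEff` fields of `/proc/<pid>/status` plus the `/proc/<pid>/root` link; the sample status text, PIDs and paths are constructed, and the function names are hypothetical.

```python
import os

# Constructed /proc/<pid>/status excerpts, not captured from a real system.
SAMPLE_LAYERED = (
    "Name:\trenderer\nPid:\t4242\nCapEff:\t0000000000000000\n"
    "NoNewPrivs:\t1\nSeccomp:\t2\n"
)
SAMPLE_CHROOT_ONLY = (
    "Name:\tbrowser\nPid:\t4343\nCapEff:\t000001ffffffffff\n"
    "NoNewPrivs:\t0\nSeccomp:\t0\n"
)

def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def confinement_report(status_text, root_link):
    """Report which confinement layers the kernel shows for one process.

    root_link is the target of /proc/<pid>/root, or None if unreadable.
    """
    f = parse_status(status_text)
    cap_eff = f.get("CapEff")
    return {
        "private_root": None if root_link is None else root_link != "/",
        "seccomp_filter": f.get("Seccomp") == "2",  # 2 = filter mode
        "no_new_privs": f.get("NoNewPrivs") == "1",
        "no_effective_caps": cap_eff is not None and int(cap_eff, 16) == 0,
    }

def missing_layers(report):
    """Names of layers that are absent (False); unknown (None) is not counted."""
    return sorted(name for name, ok in report.items() if ok is False)

def report_for_pid(pid):
    """Same report for a live process on Linux."""
    with open(f"/proc/{pid}/status") as fh:
        text = fh.read()
    try:
        root = os.readlink(f"/proc/{pid}/root")
    except OSError:  # typically permission denied for another user's process
        root = None
    return confinement_report(text, root)

if __name__ == "__main__":
    print(missing_layers(confinement_report(SAMPLE_LAYERED, "/var/empty")))
    print(missing_layers(confinement_report(SAMPLE_CHROOT_ONLY, "/srv/jail")))
```

The second sample shows a process that has its own root directory but still holds capabilities and has no syscall filter, which is the gap between a bare chroot and layered defense in depth.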
 