Attack and Defense

@attackndefense

Mozilla's Security Internals for Engineers, Researchers, and Bounty Hunters

Joined February 2020

Tweets


  1. Pinned Tweet
    Apr 24

    Please report bugs. If you - or someone else - improves exploitability after initial report, the bounty will be increased. If you're second reporter, you will be pro-rated. I guess I can only speak for our bounty program but come on industry, you can do better.

  2. May 20

    If you want to learn more about how we do browser fuzzing at Mozilla - and our open source tools - check out !

  3. Retweeted
    May 18
  4. Retweeted
    May 18

    woooooooo i wrote (and illustrated) a blog post about Site Isolation in Firefox for Desktop and it's finally published! 💜

  5. Retweeted
    May 18
  6. May 18

    We just published our Firefox Security Newsletter summarizing the work of Q1 2021! Check it out at

  7. Apr 27

    Ever wondered how people find browser sandbox escapes? Wonder no more, because this blog post explains how to find, debug and invoke IPC messages. From JavaScript. Using .

  8. Retweeted
    Apr 25

    Exploit Development: Browser Exploitation on Windows - Understanding Use-After-Free Vulnerabilities

  9. Retweeted
    Apr 23
  10. Mar 24

    Firefox 87 introduces SmartBlock for Private Browsing

  11. Mar 22

    Effectively, we're changing our default *Referrer Policy* to ‘strict-origin-when-cross-origin’. You can also tell Firefox to stop sending all referrers, if you don't mind the occasional website breakage. Instructions at !

  12. Mar 22

    Starting tomorrowish, your will trim all referrer information for cross-origin navigations: (Unless you use . Then you get all the good stuff 8 weeks in advance :)

  13. Mar 10

    Did you know that about 73% of your HTTP requests could be silently upgraded to HTTPS? Check our Insights into HTTPS-Only mode blog post, a mode that makes these upgrades convenient without breaking page loads for insecure legacy content!

  14. Retweeted
    Feb 24

    We finally published our highlights from Firefox Security in Q4 of 2020 Huge kudos to all those developers and security engineers who are working so hard to keep Gecko the best implementation of the web platform ;)

  15. Feb 9
  16. Jan 27

    IPC (Inter-Process Communication) provides a cornerstone in the Firefox multi-process Security Architecture. Here's how our message passing works and how you could fuzz it:

  17. Retweeted
    Jan 11

    The writeup for CVE-2020-16012 is out! This was such a fun bug, thanks a lot to for helping me edit and publish the writeup.

  18. Jan 11
  19. 8 Dec 2020

    New guest blog post by nishimunea giving tips on earning bug bounties in Fenix - - look for part 2 early next year!

  20. 17 Nov 2020

    Introducing optional HTTPS-Only Mode🔒 in Firefox 83! ✅ Firefox will always try to use secure connections by default! ✅ Firefox asks for your permission before connecting to a website that doesn’t support HTTPS. See for more!

