RSS.Social

Frederik Braun

Posts

With Carrots & Sticks - Can the browser handle web security?

Home assistant can not be secured for internet access

Modern solutions against cross-site attacks

Prompt Injections and a demo

The Mozilla Monument in San Francisco

What is mixed content?

How I got a new domain name

How Firefox gives special permissions to some domains

Examine Firefox Inter-Process Communication using JavaScript in 2023

Origins, Sites and other Terminologies

Finding and Fixing DOM-based XSS with Static Analysis

DOM Clobbering

New Methods for Cross-Origin Isolation: Resource, Opener & Embedding Policies with COOP, COEP, CORP and CORB

Reference Sheet for Principals in Mozilla Code

Hardening Firefox against Injection Attacks – The Technical Details

Understanding Web Security Checks in Firefox (Part 1)

Help Test Firefox's built-in HTML Sanitizer to protect against UXSS bugs

Remote Code Execution in Firefox beyond memory corruptions

XSS in The Digital #ClimateStrike Widget

Chrome switching the XSSAuditor to filter mode re-enables old attack

Challenge Write-up: Subresource Integrity in Service Workers

Finding the SqueezeBox Radio Default SSH Password

New CSP directive to make Subresource Integrity mandatory (`require-sri-for`)

Firefox OS apps and beyond

Teacher's Pinboard Write-up

A CDN that can not XSS you: Using Subresource Integrity

The Twitter Gazebo

German Firefox 1.0 ad (OCR)

My thoughts on Tor appliances

Subresource Integrity

Revoke App Permissions on Firefox OS

(Self) XSS at Mozilla's internal Phonebook

Tales of Python's Encoding

On the X-Frame-Options Security Header

html2dom

Security Review: HTML sanitizer in Thunderbird

Week 29 2013

The First Post