Hi,
my name isFrederik Braun andI'm a security engineer and manager working on the Mozilla Firefox web browser.My work on Firefox involves various topics ranging from security, web standards,static analysis, bug bounty, and public speaking. Some of my major projectsinclude theeslint-plugin-no-unsanitized -which helps infinding and fixing DOM-BasedXSS,theMozilla Attack & Defense blog,the paperHardening Firefox against Injection Attacks(PDF) and theSubresourceIntegrityweb standard.
I am particularly proud of the blog postExamining JavaScript Inter-ProcessCommunication inFirefox,which explains how to find a sandbox escape in Firefox.The blog post was made into a videoWhat is a Browser Security Sandbox?! (Learn to Hack Firefox),by YouTuberLiveOverflow.
Before working at Mozilla, I wrote adiploma thesis about the Same OriginPolicyin 2012, which concluded my studies of IT-Security at theRuhr Universityin Bochum. This is also where I co-founded the CTF teamfluxfingers.
Please proceedhere to read my blog posts or learn more aboutmy open source projects and conference talks.