(Removed project idea until it has better definition) |
(Add WASM sandboxing project) |
||
Line 170: | Line 170: | ||
| [https://github.com/mTwTm/ mTwTm(Teng-pao Yu)] | | [https://github.com/mTwTm/ mTwTm(Teng-pao Yu)] | ||
| [https://github.com/mTwTm/ mTwTm(Teng-pao Yu)], [https://github.com/cnevinc/ Nevin Chen] | | [https://github.com/mTwTm/ mTwTm(Teng-pao Yu)], [https://github.com/cnevinc/ Nevin Chen] | ||
| | |||
|- | |||
| Toolkit for sandboxing third-parties libraries in Firefox | |||
| Firefox supports a long tail of infrequently used image and audio formats to | |||
support the occasional website that uses them. Each such format requires the | |||
Firefox decoder to use a new open source library for parsing and decoding. | |||
This, unfortunately, increases the attack surface of Firefox and as we saw in | |||
Pwn2Own 2018, Firefox was successfully exploited via a bugs in such libraries | |||
(libogg in this case). | |||
This project proposes to sandbox third-party libraries in Firefox by building a | |||
new software-fault isolation toolkit. Our tookit will build on the WebAssembly | |||
compiler to isolate libraries in Firefox. But, as part of this toolkit we will | |||
also develop and apply a library for safely interfacing with sandboxed libraries (and | |||
sanitizing data coming from them). with this toolkit we can ensure that any | |||
vulnerability in third-party libraries (e.g., libogg or libpng) cannot be used | |||
to be used to compromise Firefox. | |||
| C/C++, experience with WebAssembly | |||
| [https://mozillians.org/en-US/u/erahm/ Eric Rahm] | |||
| [https://mozillians.org/en-US/u/froydnj/ Nathan Froyd] | |||
| | | | ||
|- | |- |
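Review bot: The description cell of the added "Toolkit for sandboxing third-parties libraries in Firefox" row needs a copy-edit before it is published: "via a bugs in such libraries" mixes singular and plural, "Our tookit" is misspelled, the sentence "with this toolkit we can ensure" starts in lower case, and "cannot be used to be used to compromise Firefox" repeats "to be used". The title would also read better as "third-party libraries", matching the body text. The closing claim that any vulnerability in a sandboxed library cannot be used to compromise Firefox is stronger than the paragraph supports, since the same paragraph says the toolkit also needs a library for safely interfacing with the sandbox and sanitizing data coming from it; consider stating that the guarantee depends on that interface layer.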