We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

AppSec Village - localghost: Jumping the Browser Sandbox Without 0-Days

No logo availableDEF CON
 Hakimian, Parsia

Formal Metadata

Title
AppSec Village - localghost: Jumping the Browser Sandbox Without 0-Days
Alternative Title
localghost: Escaping the Browser Sandbox Without 0-Days
Title of Series
Number of Parts
374
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Many modern desktop applications use a localhost server for IPC and seamless interaction with websites. These servers usually have no authentication. JavaScript running in browsers can connect to these servers. I will discuss a dozen publicly disclosed bugs where malicious websites can connect these servers and directly run code on the machines.