Security Analysis of the Site-Isolation Feature in Firefox

Supervisor(s): Fabian Kilger
Status: finished
Topic: Others
Author: Hannah Fischer
Submission: 2025-02-17
Type of Thesis: Bachelorthesis

Description

The Spectre attack, discovered in 2018, posed a huge risk to security, with one of the
main targets being browsers. The attack made it possible for one website to steal
data (e.g. credentials) from another website, provided they are in the same browser
process. It sent OS, CPU and browser manufacturers scrambling to introduce fixes.
In browsers, this meant separating websites into their own processes, only allowing
websites considered “same-site” to be put into the same process. In this thesis, we
take a look at a recent version of Firefox and present how this behavior can still pose a
security risk. We first look at the implementation and show that websites considered
“same-site” can steal data from each other. We then look at what is necessary in order
to do that, what data an attacker could steal and how that can be achieved. Next, we
implement a proof-of-concept exploit to confirm these findings. The presented exploit
allows an attacker to steal cookies and values from local storage. Lastly, we put these
findings into context and present mitigations for this attack.