Stealth Exposures: Advanced Side-Channel Attacks Targeting Mozilla Firefox's Protocol Handlers
Satoki Tsuji
In this presentation, we examine a series of information disclosure flaws uncovered in Mozilla Firefox, with
particular emphasis on how URL protocol handlers can pose security threats. Our investigation shows that
attackers can leverage subtle timing variations and side channels to detect installed applications and
configured URL protocols. Notably, the vulnerabilities CVE-2024-5690 and CVE-2024-9398 enable adversaries to
profile user systems and gather reconnaissance data without any direct interaction from the user.
This research underscores the critical need to address emerging side-channel exploits in modern browsers and
offers practical guidance for developers and security professionals alike. By applying these insights, it is
possible to strengthen user privacy and mitigate advanced exploitation tactics in today's threat landscape.
Cryptographic protocols and zero-knowledge proofs are making huge strides, both in theory and in practice.
But the point where time-to-market pressure meets security-critical components is exactly where impactful
bugs like to pop up. This talk looks at a zkVM (a virtual machine that produces zero-knowledge proofs of
correct execution) targeting the RISC-V architecture, and at some bugs we discovered in its code base. These
bugs range from malicious guest programs behaving in ways that no real hardware would, to a complete loss of
soundness that lets a prover produce accepted proofs of arbitrary, incorrect statements. While the former can
be argued not to be flaws in the VM, since a malicious program can naturally pervert its own execution in
numerous ways, their presence may enable or simplify full exploitation of otherwise hard-to-use bugs that do
not require a malicious program at all. In particular, as a proof of concept, the primality of the number 42
is proven, as well as knowledge of Satoshi's private keys.
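To make the notion of "losing soundness" concrete, the following is a constructed toy added for this page; it is not the zkVM, instruction set or verifier from the talk, and the bug it shows is a hypothetical one. A guest program for an assumed eight-register, 32-bit ISA decides primality by trial division, an honest prover records the execution trace, and the verifier checks three kinds of constraints over that trace: the initial state (entry point, public input in r1), every transition (each row follows from the previous one under the ISA semantics), and the output (the final row is a halt whose r0 equals the claim). Dropping the initial-state constraint is enough for a malicious prover to "prove" that 42 is prime with a one-row trace that already sits on the "prime" halt. The names `IS_PRIME`, `verify_unsound` and `forge_prime_claim` are assumptions of this example.

```python
# Constructed toy trace-checking "zkVM"; the ISA, verifier and missing-check bug are hypothetical.
MASK32 = 0xFFFFFFFF  # registers are 32-bit, like RV32
NREGS = 8            # r0 = result, r1 = public input, r2..r7 scratch


def step(program, pc, regs):
    """Apply one instruction; returns (next_pc, next_regs) as a pure function of the state."""
    regs = list(regs)
    op, *args = program[pc]
    if op == "li":                       # load immediate
        regs[args[0]] = args[1] & MASK32; pc += 1
    elif op == "add":
        regs[args[0]] = (regs[args[1]] + regs[args[2]]) & MASK32; pc += 1
    elif op == "mul":
        regs[args[0]] = (regs[args[1]] * regs[args[2]]) & MASK32; pc += 1
    elif op == "rem":                    # RISC-V semantics: remainder by zero yields the dividend
        d = regs[args[2]]
        regs[args[0]] = regs[args[1]] % d if d else regs[args[1]]; pc += 1
    elif op == "beq":                    # branch if equal
        pc = args[2] if regs[args[0]] == regs[args[1]] else pc + 1
    elif op == "blt":                    # branch if less than (unsigned)
        pc = args[2] if regs[args[0]] < regs[args[1]] else pc + 1
    elif op == "halt":
        pass                             # a halted state is a fixed point
    else:
        raise ValueError(f"unknown opcode {op!r}")
    return pc, tuple(regs)


# Trial-division primality test for n >= 2: n in r1, result in r0 (1 = prime, 0 = composite).
IS_PRIME = [
    ("li", 0, 1),        # 0: r0 = 1 (assume prime)
    ("li", 2, 2),        # 1: d = 2
    ("li", 3, 1),        # 2: r3 = 1 (constant)
    ("mul", 4, 2, 2),    # 3: r4 = d * d
    ("blt", 1, 4, 10),   # 4: if n < d*d: halt with r0 = 1
    ("rem", 5, 1, 2),    # 5: r5 = n % d
    ("li", 6, 0),        # 6: r6 = 0
    ("beq", 5, 6, 11),   # 7: if n % d == 0: composite
    ("add", 2, 2, 3),    # 8: d += 1
    ("beq", 3, 3, 3),    # 9: loop (unconditional)
    ("halt",),           # 10: prime
    ("li", 0, 0),        # 11: r0 = 0
    ("halt",),           # 12: composite
]


def prove(program, n, max_steps=100_000):
    """Honest prover: run the guest and return (claimed_output, execution_trace)."""
    pc, regs = 0, (0, n) + (0,) * (NREGS - 2)
    trace = [(pc, regs)]
    while program[pc][0] != "halt":
        pc, regs = step(program, pc, regs)
        trace.append((pc, regs))
        if len(trace) > max_steps:
            raise RuntimeError("guest did not halt")
    return regs[0], trace


def _check(program, n, claimed, trace, check_initial):
    if not trace:
        return False
    # Boundary constraint: execution starts at the entry point with the public input in r1.
    if check_initial and trace[0] != (0, (0, n) + (0,) * (NREGS - 2)):
        return False
    # Transition constraints: every row must follow from the previous one.
    for (pc, regs), nxt in zip(trace, trace[1:]):
        if not 0 <= pc < len(program) or step(program, pc, regs) != nxt:
            return False
    # Output constraint: the final row is a halt whose r0 is the claimed result.
    last_pc, last_regs = trace[-1]
    return 0 <= last_pc < len(program) and program[last_pc][0] == "halt" and last_regs[0] == claimed


def verify(program, n, claimed, trace):
    """Sound verifier: boundary, transition and output constraints."""
    return _check(program, n, claimed, trace, check_initial=True)


def verify_unsound(program, n, claimed, trace):
    """The same verifier with the initial-state constraint dropped (hypothetical soundness bug)."""
    return _check(program, n, claimed, trace, check_initial=False)


def forge_prime_claim(n):
    """Malicious prover: a one-row trace parked on the 'prime' halt with r0 = 1 already set."""
    return 1, [(10, (1, n) + (0,) * (NREGS - 2))]


if __name__ == "__main__":
    out, trace = prove(IS_PRIME, 42)
    print("honest: 42 prime?", out, "accepted:", verify(IS_PRIME, 42, out, trace))
    out, trace = forge_prime_claim(42)
    print("forged: sound verifier accepts:", verify(IS_PRIME, 42, out, trace),
          "| unsound verifier accepts:", verify_unsound(IS_PRIME, 42, out, trace))
```

A real zkVM does not re-execute the trace row by row; the verifier checks a succinct proof that arithmetic constraints hold over the committed trace. The lesson carries over unchanged: every row-local constraint (transition), every boundary constraint (initial state, public inputs, halting output) and every range constraint (values really are 32 bits wide) must exist in the constraint system, because any one that is missing is a statement the prover gets to choose freely, and the resulting proof verifies just as well as an honest one.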