    This blog post also explains the sandbox escape that was used to attack Coinbase in 2019. Public exploits and write-ups exist, but this blog post focuses on the techniques to find these bugs:

    • The APIs that Firefox uses to send messages across processes
    • How to fake these IPC messages, which essentially helps simulate a compromised child process and might be useful in finding additional sandbox escapes
    • How to enable browser-process debugging and step through JavaScript code in the parent and child processes using normal Firefox DevTools.