Tom Schuster<p>We just published my blog post about the recent work on hardening the <a href="https://hachyderm.io/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> frontend against attacks we have seen demonstrated during <a href="https://hachyderm.io/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a>.</p><p><a href="https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">attackanddefense.dev/2025/04/0</span><span class="invisible">9/hardening-the-firefox-frontend-with-content-security-policies.html</span></a></p>
veganism.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Veganism Social is a welcoming space on the internet for vegans to connect and engage with the broader decentralized social media community.
Administered by:
Server stats:
271active users
veganism.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0-alpha.5
#Pwn2own
0 posts · 0 participants · 0 posts today
Trend Zero Day Initiative<p>Wow. Just wow. The @synacktiv team was able to take over the <a href="https://infosec.exchange/tags/Tesla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tesla</span></a> Wall Connector while having their exploit originate from the Charging Connector. To our knowledge, that's never been demonstrated publicly before. They head to the disclosure room with details. <a href="https://infosec.exchange/tags/P2OAuto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2OAuto</span></a> <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a></p>
Tom Schuster<p>As a hardening measure, we now block inline event handlers in the main <a href="https://hachyderm.io/tags/firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firefox</span></a> window. Inline event handlers have previously been used to gain code execution in the parent process, for example in the <a href="https://hachyderm.io/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> contest.</p><p>I have spent the last few months removing hundreds of inline event handlers.</p><p><a href="https://groups.google.com/a/mozilla.org/g/firefox-dev/c/lqBtoY5IJzU" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">groups.google.com/a/mozilla.or</span><span class="invisible">g/g/firefox-dev/c/lqBtoY5IJzU</span></a></p>
nemo™ 🇺🇦<p>At the recent Pwn2Own Ireland 2024 event, researchers exposed vulnerabilities in TrueNAS devices, highlighting the need for enhanced security measures. With teams earning over $1 million by exploiting these flaws, TrueNAS is urging users to harden their systems. 🛡️💻 Stay informed and secure! <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/TrueNAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrueNAS</span></a> <a href="https://mas.to/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> <a href="https://mas.to/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://mas.to/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a> Read more: <a href="https://www.techradar.com/pro/TrueNAS-device-vulnerabilities-exposed-during-hacking-competition" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">techradar.com/pro/TrueNAS-devi</span><span class="invisible">ce-vulnerabilities-exposed-during-hacking-competition</span></a></p>
VegansExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload