my name is Frederik Braun and I'm a security engineer and manager working on the Mozilla Firefox web browser. My work on Firefox involves various topics ranging from security, web standards, static analysis, bug bounty, and public speaking. Some of my major projects include the eslint-plugin-no-unsanitized - which helps in finding and fixing DOM-Based XSS, the Mozilla Attack & Defense blog, the paper Hardening Firefox against Injection Attacks (PDF) and the Subresource Integrity web standard.

I am particularly proud of the blog post Examining JavaScript Inter-Process Communication in Firefox, which explains how to find a sandbox escape in Firefox. The blog post was made into a video What is a Browser Security Sandbox?! (Learn to Hack Firefox), by YouTuber LiveOverflow.

Before working at Mozilla, I wrote a diploma thesis about the Same Origin Policy in 2012, which concluded my studies of IT-Security at the Ruhr University in Bochum. This is also where I co-founded the CTF team fluxfingers.

Please proceed here to read my blog posts or learn more about my open source projects and conference talks.