Freddy
@freddyb.bsky.social
I work on manager/security things for a non-profit software company. I love my family, my bike and reading books.
You can also find me on Mastodon as @[email protected], which I consider my primary account.
Homepage: https://frederikbraun.de/
You can also find me on Mastodon as @[email protected], which I consider my primary account.
Homepage: https://frederikbraun.de/
Reposted by Freddy
I don't know who needs a kitty headbutt right now, but here's one for you
November 3, 2025 at 12:07 AM
I don't know who needs a kitty headbutt right now, but here's one for you
Reposted by Freddy
Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here:
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
November 3, 2025 at 12:26 PM
Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here:
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
Reposted by Freddy
Reposted by Freddy
I'm in a phenomenal talk on gender inequality in cybersecurity this morrning and this is such a great cheat sheet for intersectional fair employment.
August 1, 2025 at 12:35 AM
I'm in a phenomenal talk on gender inequality in cybersecurity this morrning and this is such a great cheat sheet for intersectional fair employment.
Reposted by Freddy
firefox container tabs are lowkey goated when $11/year VPS in dublin w/ socks5 over ssh is the vibe
happy VPN configuration day to all who celebrate
July 25, 2025 at 10:07 PM
firefox container tabs are lowkey goated when $11/year VPS in dublin w/ socks5 over ssh is the vibe
Reposted by Freddy
Wait, container tabs support individual proxy settings?
July 25, 2025 at 11:27 PM
Wait, container tabs support individual proxy settings?
We just opened the Call-for-Papers for the German OWASP Day 2025. The event will be held November 25th-26th in Düsseldorf.
god.owasp.de/2025/cfp.html
We're looking for all sorts of presentations about web security and beyond for an audience of builders, breakers and defenders.
god.owasp.de/2025/cfp.html
We're looking for all sorts of presentations about web security and beyond for an audience of builders, breakers and defenders.
German OWASP Day 2025
god.owasp.de
July 2, 2025 at 7:21 AM
We just opened the Call-for-Papers for the German OWASP Day 2025. The event will be held November 25th-26th in Düsseldorf.
god.owasp.de/2025/cfp.html
We're looking for all sorts of presentations about web security and beyond for an audience of builders, breakers and defenders.
god.owasp.de/2025/cfp.html
We're looking for all sorts of presentations about web security and beyond for an audience of builders, breakers and defenders.
Reposted by Freddy
cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
May 31, 2025 at 5:26 PM
cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
Reposted by Freddy
CUT MY LIST IN TWO PIECES
THAT’S HOW YOU START QUICKSORT
THAT’S HOW YOU START QUICKSORT
May 31, 2025 at 2:21 AM
CUT MY LIST IN TWO PIECES
THAT’S HOW YOU START QUICKSORT
THAT’S HOW YOU START QUICKSORT
Reposted by Freddy
end of an era 💔 blog.glitch.com/post/changes...
I know Glitch is working on project export but if you're git-capable, I built a tool that will mass-git-clone your public glitch projects: github.com/potch/glitch...
I know Glitch is working on project export but if you're git-capable, I built a tool that will mass-git-clone your public glitch projects: github.com/potch/glitch...
Important changes are coming to Glitch
We’ve got an important update for the Glitch community today: We’ll be ending web hosting for your apps on Glitch.
blog.glitch.com
May 22, 2025 at 8:26 PM
end of an era 💔 blog.glitch.com/post/changes...
I know Glitch is working on project export but if you're git-capable, I built a tool that will mass-git-clone your public glitch projects: github.com/potch/glitch...
I know Glitch is working on project export but if you're git-capable, I built a tool that will mass-git-clone your public glitch projects: github.com/potch/glitch...
Uh, pwn2own was...today? And we're shipping a bugfix release also today? Cool.
Update your Firefoxes, please :D
blog.mozilla.org/security/202...
Update your Firefoxes, please :D
blog.mozilla.org/security/202...
Firefox Security Response to pwn2own 2025 – Mozilla Security Blog
At Mozilla, we consider security to be a paramount aspect of the web. This is why not only does Firefox have a long running bug bounty program but also mature ...
blog.mozilla.org
May 17, 2025 at 10:06 PM
Uh, pwn2own was...today? And we're shipping a bugfix release also today? Cool.
Update your Firefoxes, please :D
blog.mozilla.org/security/202...
Update your Firefoxes, please :D
blog.mozilla.org/security/202...
Reposted by Freddy
We just published @firefox.com updates to fix the exploits used at the Pwn2Own contest yesterday and today. Both contestants achieved RCE in our content process but did not escape the sandbox.
blog.mozilla.org/security/202...
blog.mozilla.org/security/202...
Firefox Security Response to pwn2own 2025 – Mozilla Security Blog
At Mozilla, we consider security to be a paramount aspect of the web. This is why not only does Firefox have a long running bug bounty program but also mature ...
blog.mozilla.org
May 17, 2025 at 9:22 PM
We just published @firefox.com updates to fix the exploits used at the Pwn2Own contest yesterday and today. Both contestants achieved RCE in our content process but did not escape the sandbox.
blog.mozilla.org/security/202...
blog.mozilla.org/security/202...
Reposted by Freddy
We have an initial plan for talks and breakout sessions at the Web Engines Hackfest 2025: github.com/Igalia/weben...
• Monday: 9 talks and the W3C Web Apps WG F2F
• Tuesday & Wednesday: 23 breakout sessions in 3 parallel tracks
There might be still small changes, but it gives a good overall picture.
• Monday: 9 talks and the W3C Web Apps WG F2F
• Tuesday & Wednesday: 23 breakout sessions in 3 parallel tracks
There might be still small changes, but it gives a good overall picture.
Home
Web Engines Hackfest. Contribute to Igalia/webengineshackfest development by creating an account on GitHub.
github.com
May 16, 2025 at 3:43 PM
We have an initial plan for talks and breakout sessions at the Web Engines Hackfest 2025: github.com/Igalia/weben...
• Monday: 9 talks and the W3C Web Apps WG F2F
• Tuesday & Wednesday: 23 breakout sessions in 3 parallel tracks
There might be still small changes, but it gives a good overall picture.
• Monday: 9 talks and the W3C Web Apps WG F2F
• Tuesday & Wednesday: 23 breakout sessions in 3 parallel tracks
There might be still small changes, but it gives a good overall picture.
Reposted by Freddy
I made this diagram for a talk on encrypted messaging I recently gave, and I didn’t get to use it in the talk. I figured I’d share it here because I think it tells a story.
May 10, 2025 at 12:45 PM
I made this diagram for a talk on encrypted messaging I recently gave, and I didn’t get to use it in the talk. I figured I’d share it here because I think it tells a story.
New blog post: With Carrots & Sticks - Can the browser handle web security? https://frederikbraun.de/madweb-keynote-2025.html - This is the blog version of my keynote from MADWeb 2025 earlier this year. It's about how web security could become the browser's responsibility.
April 10, 2025 at 8:43 AM
New blog post: With Carrots & Sticks - Can the browser handle web security? https://frederikbraun.de/madweb-keynote-2025.html - This is the blog version of my keynote from MADWeb 2025 earlier this year. It's about how web security could become the browser's responsibility.
Blog post about the road to HTTPS-First in Firefox.
Early reports show an uptick in encrypted traffic by at least 1.5% for our global users. 😎
attackanddefense.dev/2025/03/31/h...
Early reports show an uptick in encrypted traffic by at least 1.5% for our global users. 😎
attackanddefense.dev/2025/03/31/h...
The Evolution of HTTPS Adoption in Firefox
We at Mozilla believe that people deserve privacy and one of the most important pieces of web privacy is provided through ubiquitous encryption. Because of this, we shipped HTTPS-First by default as o...
attackanddefense.dev
April 2, 2025 at 12:19 PM
Blog post about the road to HTTPS-First in Firefox.
Early reports show an uptick in encrypted traffic by at least 1.5% for our global users. 😎
attackanddefense.dev/2025/03/31/h...
Early reports show an uptick in encrypted traffic by at least 1.5% for our global users. 😎
attackanddefense.dev/2025/03/31/h...
Reposted by Freddy
Based on the traffic I see - Mastodon is number 1, then LinkedIn, then Reddit, then Microsoft Teams, then Google, then BlueSky, then Twitter.
March 31, 2025 at 10:38 PM
Based on the traffic I see - Mastodon is number 1, then LinkedIn, then Reddit, then Microsoft Teams, then Google, then BlueSky, then Twitter.
Firefox 136 was just released. As of now, Firefox will open all pages using 🔒https, if possible. If the connection does not succeed (port closed, certificate untrusted etc), the browser will automatically switch back to http.
March 5, 2025 at 2:11 PM
Firefox 136 was just released. As of now, Firefox will open all pages using 🔒https, if possible. If the connection does not succeed (port closed, certificate untrusted etc), the browser will automatically switch back to http.
Reposted by Freddy
They need him to be a genius because they cannot handle what it means for them to be tricked by a fool.
February 22, 2025 at 7:56 PM
They need him to be a genius because they cannot handle what it means for them to be tricked by a fool.
Reposted by Freddy
We're in the consumer HTTPS endgame. We need to finish the job so I can be certain all my mobile traffic is protected.
Please join me in asking the OS and browser makers to keep pushing and to finish the job in 2025, perhaps by Halloween! 👻 🔐
https://buff.ly/41qPpUM
Please join me in asking the OS and browser makers to keep pushing and to finish the job in 2025, perhaps by Halloween! 👻 🔐
https://buff.ly/41qPpUM
February 21, 2025 at 6:01 PM
We're in the consumer HTTPS endgame. We need to finish the job so I can be certain all my mobile traffic is protected.
Please join me in asking the OS and browser makers to keep pushing and to finish the job in 2025, perhaps by Halloween! 👻 🔐
https://buff.ly/41qPpUM
Please join me in asking the OS and browser makers to keep pushing and to finish the job in 2025, perhaps by Halloween! 👻 🔐
https://buff.ly/41qPpUM
Reposted by Freddy
#FUZZING'25 CALL FOR PAPERS
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
February 17, 2025 at 6:40 PM
#FUZZING'25 CALL FOR PAPERS
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
@boblord.bsky.social Did you stop looking at your account on infosec.exchange? I (finally) have a paper for you to preview, if you can tell me your primary email address.
February 18, 2025 at 7:59 PM
@boblord.bsky.social Did you stop looking at your account on infosec.exchange? I (finally) have a paper for you to preview, if you can tell me your primary email address.
Reposted by Freddy
I posted a blog about how browser permissions work. albertofdr.github.io/web-security...
You Shall Not Get Access 🧙🏻♂️: Browser Permissions | WebSec!
Web Security Educational Blog
albertofdr.github.io
January 29, 2025 at 12:16 PM
I posted a blog about how browser permissions work. albertofdr.github.io/web-security...
An updated to the Firefox Bug Bounty Hall of Fame for Q4 of 2024 just dropped. Thank you to the many folks who helped keep Firefox secure! 🏆👏
www.mozilla.org/en-US/securi...
www.mozilla.org/en-US/securi...
Mozilla Security Bug Bounty Program Hall of Fame
www.mozilla.org
January 31, 2025 at 7:40 AM
An updated to the Firefox Bug Bounty Hall of Fame for Q4 of 2024 just dropped. Thank you to the many folks who helped keep Firefox secure! 🏆👏
www.mozilla.org/en-US/securi...
www.mozilla.org/en-US/securi...