A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
When using Foxhound with data coming from WebAssembly, one data type we have to deal with is Uint8(Array). Currently, we are losing taints here, e.g., like this:
const x = new Uint8Array([Number.tainted(1), Number.tainted(2)]);
console.assert(x[0].taint, "noooooo")
// Assertion failed: ...
When using Foxhound with data coming from WebAssembly, one data type we have to deal with is Uint8(Array). Currently, we are losing taints here, e.g., like this:
This was originally reported by @0drai.