Firefox. Firefox is an open-source web browser developed by Mozilla. At Mozilla, I am the specialist that will be happy to dig into hard crash investigations — particularly those involving Windows OS internals and third-party software interactions. My investigations have produced CVEs and vendor-shipped fixes in third-party software (CVE-2022-4291, CVE-2025-21291, CVE-2025-49709), in addition to architectural work on sandbox design, unwind information, build infrastructure, and crash analysis tooling for AI agents. I also drove the end-to-end integration of Google's Zucchini binary-diffing library into Firefox's Windows updater — from vendoring to implementation — a joint project with Heitor Neiva currently deployed in Firefox Nightly that produces 33% smaller update patches for Windows x64 binaries, with significant CDN cost savings for Mozilla expected once this work reaches Release.
Frida — CET shadow stack compatibility for x86 interceptor — frida-gum#791. Intel CET (Control-flow Enforcement Technology) shadow stacks validate return addresses at the hardware level: a processor-maintained stack records the expected return address for every CALL, and any RET that doesn't match causes a fault. Frida's x86 interceptor was not CET-aware: its trampolines used non-standard control flow (returning through sequences that were never entered via a matching CALL), causing shadow stack violations when intercepting functions in CET-hardened processes on Windows. I added CPU feature detection for shadow stack support, fixed the CALL/RET discipline in the trampoline code to maintain a consistent hardware shadow stack, and made the on_leave trampoline a valid return target so intercepted functions can return through Frida's instrumentation without faulting. This makes Frida's interceptor work in CET-compatible modules under Windows user-mode shadow stack protection.
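The shadow-stack rule described above, as a toy model added here for illustration (not Frida's trampoline code). The `Cpu` type, the two hook shapes and the addresses are constructed assumptions; the model only tracks what CALL and RET do to the data stack and the shadow stack.

```rust
// Added illustration: a simplified model of CET shadow-stack checking.
#[derive(Debug, PartialEq)]
pub struct ControlProtectionFault {
    pub expected: Option<u64>, // top of the shadow stack at the faulting RET
    pub got: u64,              // return address found on the data stack
}

#[derive(Default)]
pub struct Cpu {
    pub stack: Vec<u64>, // ordinary stack, writable by software
    shadow: Vec<u64>,    // shadow stack, only CALL and RET touch it
}

impl Cpu {
    /// CALL: the return address goes to both stacks.
    pub fn call(&mut self, ret_addr: u64) {
        self.stack.push(ret_addr);
        self.shadow.push(ret_addr);
    }
    /// RET: pop both stacks and fault on any mismatch.
    pub fn ret(&mut self) -> Result<u64, ControlProtectionFault> {
        let got = self.stack.pop().expect("data stack underflow");
        match self.shadow.pop() {
            Some(expected) if expected == got => Ok(got),
            expected => Err(ControlProtectionFault { expected, got }),
        }
    }
}

// Constructed addresses for the model.
pub const CALLER: u64 = 0x1000;
pub const ON_LEAVE: u64 = 0x2000;

/// Hook that rewrites the saved return address so the target "returns" into
/// on_leave: the data stack changes, the shadow stack does not.
pub fn hook_by_rewriting_return() -> Result<u64, ControlProtectionFault> {
    let mut cpu = Cpu::default();
    cpu.call(CALLER); // caller -> target
    *cpu.stack.last_mut().unwrap() = ON_LEAVE; // slot patched on entry
    cpu.ret() // target's RET no longer matches the shadow stack
}

/// Hook that reaches the target through its own CALL, so every RET is paired.
pub fn hook_with_matching_call() -> Result<Vec<u64>, ControlProtectionFault> {
    let mut cpu = Cpu::default();
    cpu.call(CALLER); // caller -> hook entry
    cpu.call(ON_LEAVE); // hook CALLs the target; return address is on_leave
    let first = cpu.ret()?; // target returns to on_leave
    let second = cpu.ret()?; // on_leave returns to the caller
    Ok(vec![first, second])
}
```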
Frida — RW/RX memory permissions for Windows code injection — frida-core#513. Frida's Windows injection mechanism used RWX (read-write-execute) memory, which is blocked by Arbitrary Code Guard — a security mitigation active in some of Firefox's sandboxed processes and in other security-conscious software. I redesigned the injection to use staged permissions: the injected code is written to its own page with RW permissions, then the page is switched to RX before execution begins, keeping code and writable data separate. This made Frida work with Firefox and any other process that enforces strict memory permission policies.
ferrisetw — full call stack support in ETW extended data items — ferrisetw#124. ferrisetw is a Rust library for consuming Windows Event Tracing (ETW) events. Its stack trace types were backed by Windows' ANYSIZE_ARRAY (effectively size 1), making it impossible to capture more than a single address from a call stack. I implemented a generic StackTraceItem<T> type supporting both 32-bit and 64-bit variants and arbitrary stack depth, giving ferrisetw users access to complete call stacks from ETW events.
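Why a size-1 array loses frames, as an added example (not ferrisetw's code; `FrameAddr`, `ParsedStackTrace` and `parse_stack_trace` are hypothetical names). It assumes the Windows SDK layout of the stack-trace extended data payload: a 64-bit MatchId followed by as many 32-bit or 64-bit addresses as the item's data size allows.

```rust
// Added example: derive the frame count from the payload length instead of
// trusting the declared [ANYSIZE_ARRAY] (size 1) field.
pub trait FrameAddr: Copy {
    const SIZE: usize;
    fn read_le(bytes: &[u8]) -> Self;
}
impl FrameAddr for u32 {
    const SIZE: usize = 4;
    fn read_le(bytes: &[u8]) -> Self {
        let mut a = [0u8; 4];
        a.copy_from_slice(bytes);
        u32::from_le_bytes(a)
    }
}
impl FrameAddr for u64 {
    const SIZE: usize = 8;
    fn read_le(bytes: &[u8]) -> Self {
        let mut a = [0u8; 8];
        a.copy_from_slice(bytes);
        u64::from_le_bytes(a)
    }
}

#[derive(Debug, PartialEq)]
pub struct ParsedStackTrace<T> {
    pub match_id: u64,
    pub addresses: Vec<T>,
}

#[derive(Debug, PartialEq)]
pub enum ParseError { TooShort, TrailingBytes }

/// `data` is the extended data item's payload; its length is the item's data size.
pub fn parse_stack_trace<T: FrameAddr>(data: &[u8]) -> Result<ParsedStackTrace<T>, ParseError> {
    if data.len() < 8 { return Err(ParseError::TooShort); }
    let (head, tail) = data.split_at(8);
    // A partial trailing address means the size or the chosen width is wrong.
    if tail.len() % T::SIZE != 0 { return Err(ParseError::TrailingBytes); }
    let match_id = u64::read_le(head);
    let addresses = tail.chunks_exact(T::SIZE).map(T::read_le).collect();
    Ok(ParsedStackTrace { match_id, addresses })
}

/// Constructed sample payload: MatchId 0 followed by three 64-bit frames.
pub fn sample_payload64() -> Vec<u8> {
    let mut buf = 0u64.to_le_bytes().to_vec();
    for addr in [0x7ffa_1234_5678u64, 0x7ffa_1234_9abc, 0x7ff6_0000_1000] {
        buf.extend_from_slice(&addr.to_le_bytes());
    }
    buf
}
```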
Open-Source Contributions
Open-Source Tools
symdis — yjugl/symdis. A command-line disassembly tool for analyzing Firefox crash reports without crash dump access. Given a Socorro crash report, it fetches the matching binary and symbols from public sources — Mozilla's symbol server, Microsoft's symbol server, debuginfod, and package repositories — and disassembles the crashing function annotated with source lines, resolved call targets, and inline frame boundaries. Supports Windows (PE), Linux (ELF), macOS (Mach-O), and Android across x86, x86-64, ARM32, and AArch64.
socorro-cli — yjugl/socorro-cli. A CLI for querying Mozilla's Socorro crash reporting system, designed for use by AI agents. Provides compact, token-efficient output for crash lookup, signature search, bug mapping, crash-pings telemetry, and statistical correlations. Current maintainer and main contributor (originally by Paul Adenot).
mitimon — yjugl/mitimon. A Windows utility that monitors ETW events triggered when process mitigation policies block operations. It captures symbolized kernel and user-space stack traces, identifying which code paths conflict with active mitigations such as ACG or DEP. Built to debug Firefox compatibility issues with stricter Windows security policies.
External Writing
Option Soup: The Subtle Pitfalls of Combining Compiler Flags
Blog Post. With Serge "sans Paille" Guelton. Mozilla Hacks, January 2024.
Academic Research
Secure Compilation Using Micro-Policies (2015–2016)
At Inria in the Prosecco project, as a master's and PhD student under the supervision of Cătălin Hriţcu and Bruno Blanchet, I studied how micro-policies — a framework for tag-based hardware-assisted security monitors — could enable efficient secure compilers. A secure compiler preserves source-language abstractions across compilation, letting programmers reason about security at the source level. This work was later continued as part of the ERC SECOMP project.
Article (Auxiliary material). Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation. Yannis Juglaret, Cătălin Hriţcu, Arthur Azevedo de Amorim, Boris Eng, Benjamin C. Pierce. In 29th IEEE Symposium on Computer Security Foundations (CSF). arXiv:1602.04503.
Technical Report. Towards a Fully Abstract Compiler Using Micro-Policies: Secure Compilation for Mutually Distrustful Components. Yannis Juglaret, Cătălin Hriţcu, Arthur Azevedo de Amorim, Benjamin C. Pierce, Antal Spector-Zabusky, Andrew Tolmach. arXiv:1510.00697.
Extended Abstract. Secure Compilation Using Micro-Policies. Yannis Juglaret, Cătălin Hriţcu. In FCS 2015.
Open Session Talk. Secure Compilation Using Micro-Policies. Yannis Juglaret. In FOSAD 2015.