![]() ![]() The Electrolysis architecture should provide some sandboxing capabilities to Firefox over the next year, while the new code written in the memory-safe Rust programming language should limit the number of memory corruption bugs. ![]() However, with Mozilla’s renewed focus on security and performance, it may be able to catch up to the other browsers in security soon. He added that it would’ve been much harder to use an exploit like this against the Chrome and Edge browsers, which have better memory sandboxes and exploit mitigations than Firefox does.īeing so far behind the others in security could explain why Firefox wasn’t invited to the Pwn2Own contest this year. He even called the exploit “Pwn2Own 2012-level tech,” implying that Mozilla’s browser, on which the Tor Browser is based, is about four years behind everyone else in security. Firefox, Behind The Pack On Securityĭan Guido, the CEO of Trail of Bits, a security research company, mentioned on Twitter that the exploit is not that advanced, but it can cause significant damage because of Firefox's weak security mitigations. The server was located at the IP address 5.39.27.226 and could be accessed through port 80. This would be used to leak the user’s real IP, which would be collected by an online server (which is now offline). The code could be hosted on a website, and when a user would visit it through Tor or Firefox, it would construct an SVG file that would then trigger a “user-after-free” (UAF) memory corruption in the SVG parser of Firefox and Tor. The exploit code was a combination of HTML, CSS, and JavaScript. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |