The Art of Software Security Assessment

An Interesting Mozilla Exploit

justin November 26th, 2008

The Frequency X blog has a writeup on a NULL pointer dereference bug I found a while ago in Firefox. I always find these types of bugs interesting because they require such unique approaches to getting code execution. If youre similarly inclined, you can read the post and follow the details of the exploit process yourself.

Discussion

4 Responses to “An Interesting Mozilla Exploit”

# mjon 26 Nov 2008 at 5:28 pm

link seems broken
# justinon 26 Nov 2008 at 6:20 pm

Thanks MJ. The linked is fixed.
# bannediton 29 Nov 2008 at 9:44 am

very nice write up. I especially enjoyed the canvas technique. Creativity ftw.
# justinon 30 Nov 2008 at 3:49 pm

bannedit,

Thanks. The canvas thing was one of those details that seemed worth sharing because it could be handy for other exploits.

Permanent Link | Trackback URI | Comments RSS

The Book

This blog provides running commentary from Mark Dowd, John McDonald, and Justin Schuh, the authors of the book: The Art of Software Security Assessment. You can purchase a copy from Amazon, or directly from the publisher, Addison-Wesley, and peruse the sample chapter on C Language vulnerabilities.
Tags
- Errata (5)
- Discussion (31)
- Auditing (9)
  - Windows (6)
  - Unix (3)
  - C/C++ (9)
  - SQL (2)
  - Web (5)
- Spot the Vuln (2)
Archives
- July 2009 (2)
- November 2008 (2)
- October 2008 (1)
- August 2008 (2)
- June 2008 (1)
- May 2008 (1)
- April 2008 (2)
- February 2008 (2)
- January 2008 (2)
- August 2007 (1)
- July 2007 (1)
- April 2007 (1)
- February 2007 (6)
- January 2007 (6)
- December 2006 (13)

Continued ramblings on software security and code auditing

An Interesting Mozilla Exploit

4 Responses to “An Interesting Mozilla Exploit”

Leave a Reply

The Book

Tags

Archives