The recent release of Firefox 32 fixes another interesting image parsing issue found by american fuzzy lop: following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with a simple <canvas> + toDataURL() harness that examines all the fuzzer-generated test cases.
In general, problems like that may leak secrets across web origins, or more prosaically, may help attackers bypass security measures such as ASLR. For a slightly more detailed discussion, check out this post.
Here's a short proof-of-concept that should work if you haven't updated to 32 yet:
This is tracked as CVE-2014-1564, Mozilla bug 1045977. Several more should be coming soon.
CVE-2014-1564: Uninitialized memory with truncated images in Firefox
tháng 9 02, 2014 / with No comments /
Related Posts:
A Quick Argument Why Not to Raise Interest Rates
The Myth and Reality of Manufacturing in America- Links to Two Short Essays on Monetary Policy, One Good, One Bad
- Fear Not - The Chain Will Split But BTC is still the longest chain.
- There is a huge hole in Trump's promise to bring back US manufacturing jobs
0 nhận xét:
Đăng nhận xét