bassla.blogg.se

What code was mozilla firefox written in






Editor’s note: This article is a technical description of a bug discovered by a member of the Offensive Research team at SophosLabs, and how the researcher created a proof-of-concept “Arbitrary Read/Write Primitive” exploit for this bug. The vulnerability was deemed critical by Mozilla’s bug tracking team and was patched in Firefox 65.0. The article is written for an audience with background in security vulnerability research; no background in Firefox internals or web browsers in general is necessary.

This article is about CVE-2018-18500, a security vulnerability in Mozilla Firefox found and reported to the Mozilla Foundation by SophosLabs in November, 2018. This security vulnerability involves a software bug in Gecko (Firefox’s browser engine), in code responsible for parsing web pages. A malicious web page can be programmed in a way that exploits this bug to fully compromise a vulnerable Firefox instance visiting it. The engine component where the bug exists is the HTML5 Parser, specifically around the handling of “Custom Elements.” The root cause of the bug described here is a programming error in which a C++ object is being used without properly holding a reference to it, allowing for the object to be prematurely freed. These circumstances lead to a memory corruption condition known as “Write After Free,” where the program erroneously writes into memory that has been freed.

Due to the numerous security mitigations applied to today’s operating systems and programs, developing a functional exploit for a memory corruption vulnerability in a web browser is no easy feat. It more often than not requires the utilization of multiple bugs and implementation of complex logic taking advantage of intricate program-specific techniques.






