Bug 1677338 Comment 23 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to Kai Engert (:KaiE:) from comment #21)
> Summarizing the severity of this issue:
> 
> The bug causes attacker controlled values to be written to the call stack, which could lead to the execution of attacker controlled code.
> 
> This sounds like sec-high.

Thank you for your comment. The reason I used "Stack Smashing" is exactly because I feared that bad guys can concoct something sinister for a particular binary on a particular CPU compiled by a certain version of a certain compiler. That may be only a portion of the overall TB users, but if you have 10 million users all over the world, that can be a lot.
It is not a matter of simple DoS. It may run a malware-supplied script or something. That was what I was worried about.
An organization with a big pocket may be able to do this. That is the reality in today's world.
(See Blackhat and other similar-minded conferences or publications. They are full of clever exploits and I suspect many of us come out very depressed after learning the exploits.)

One reason I try to run tests under valgrind after my patches are applied locally is to avoid such serious security issues.
(One of these days an ASAN build is useful in the face of non-testability of mochitest under valgrind.)

Again, I am not sure why I had not caught this much sooner with valgrind. But that's another story.

(In reply to Kai Engert (:KaiE:) from comment #21)
> Summarizing the severity of this issue:
> 
> The bug causes attacker controlled values to be written to the call stack, which could lead to the execution of attacker controlled code.
> 
> This sounds like sec-high.

Thank you for your comment. The reason I used "Stack Smashing" in the title is exactly because I feared that bad guys can concoct something sinister for a particular binary on a particular CPU compiled by a certain version of a certain compiler. That may be only a portion of the overall TB users, but if you have 10 million users all over the world, that can be a lot.
It is not a matter of simple DoS. It may run a malware-supplied script or something. That was what I was worried about.
An organization with a big pocket may be able to do this. That is the reality in today's world.
(See Blackhat and other similar-minded conferences or publications. They are full of clever exploits and I suspect many of us come out very depressed after learning the exploits.)

One reason I try to run tests under valgrind after my patches are applied locally is to avoid such serious security issues.
(One of these days an ASAN build is useful in the face of non-testability of mochitest under valgrind.)

Again, I am not sure why I had not caught this much sooner with valgrind. But that's another story.