Open Bug 1501717 Opened 7 years ago Updated 3 years ago

Hook ntdll!RtlDispatchAPC in order to capture APCs

Tracking

()

Status:

NEW

Tracking Flags:

Tracking

Status

firefox65

---

affected

People

(Reporter: ccorcoran, Unassigned)

References

(Depends on 1 open bug)

Details

Carl Corcoran [:ccorcoran]

Reporter

Description

•

7 years ago

APCs are a way that external apps can force Firefox to execute arbitrary code, most commonly used as a way of DLL injection. We currently block malicious threads by gatekeeping in BaseThreadInitThunk; we could extend this type of mechanism to gatekeep APCs.

Andrew Overholt [:overholt]

Updated

•

7 years ago

Priority: -- → P2

BMO Automation

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Hook ntdll!RtlDispatchAPC in order to capture APCs

Categories

(Core :: General, enhancement, P2)

Tracking

()

People

(Reporter: ccorcoran, Unassigned)

References

(Depends on 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated