Open Bug 806034 Opened 11 years ago Updated 1 year ago

[meta] Bugs that reveal address space layout (ASLR bypasses)

Tracking

()

Status:

NEW

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: meta)

Jesse Ruderman

Reporter

Description

•

11 years ago

fjserna argues that since memory-layout disclosures are about as hard to find as memory-safety bugs, and since you need both for a successful exploit, they should be treated as equally severe:

http://media.blackhat.com/bh-us-12/Briefings/Serna/BH_US_12_Serna_Leak_Era_Slides.pdf

Whatever we decide about the severity of these issues, we should at least be consistent :)  Like maybe a direct reveal is sec-high and a timing attack reveal is sec-moderate.

Jesse Ruderman

Reporter

Updated

•

11 years ago

Keywords: meta

Jesse Ruderman

Reporter

Updated

•

9 years ago

Depends on: 1145337

Benjamin Smedberg

Updated

•

7 years ago

Component: Tracking → Security

BMO Automation

Updated

•

1 year ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[meta] Bugs that reveal address space layout (ASLR bypasses)

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: meta)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated