Open Bug 806034 Opened 12 years ago Updated 2 months ago

[meta] Bugs that reveal address space layout (ASLR bypasses)

Categories

(Core :: Security, enhancement)

enhancement

Tracking

()

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: meta)

fjserna argues that since memory-layout disclosures are about as hard to find as memory-safety bugs, and since you need both for a successful exploit, they should be treated as equally severe: http://media.blackhat.com/bh-us-12/Briefings/Serna/BH_US_12_Serna_Leak_Era_Slides.pdf Whatever we decide about the severity of these issues, we should at least be consistent :) Like maybe a direct reveal is sec-high and a timing attack reveal is sec-moderate.
Keywords: meta
Depends on: 1145337
Component: Tracking → Security
Severity: normal → S3
Type: defect → enhancement
You need to log in before you can comment on or make changes to this bug.