Open Bug 806034 Opened 8 years ago Updated 2 years ago

[meta] Bugs that reveal address space layout (ASLR bypasses)

Categories

(Core :: Security, defect)

defect
Not set
normal

Tracking

()

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: meta)

fjserna argues that since memory-layout disclosures are about as hard to find as memory-safety bugs, and since you need both for a successful exploit, they should be treated as equally severe:

http://media.blackhat.com/bh-us-12/Briefings/Serna/BH_US_12_Serna_Leak_Era_Slides.pdf

Whatever we decide about the severity of these issues, we should at least be consistent :)  Like maybe a direct reveal is sec-high and a timing attack reveal is sec-moderate.
Keywords: meta
Depends on: 1145337
Component: Tracking → Security
You need to log in before you can comment on or make changes to this bug.