Like Apple’s Safari, the open-source Mozilla Firefox browser does not properly implement ASLR, a key anti-exploit mitigation that can limit the damage from hacker attacks. Nils, the U.K.-based researcher who compromised a Windows machine running Firefox for the second year in a row told me it’s “somewhat trivial” to bypass Firefox’s ASLR implementation because there are some .dll files that does not properly implement the address space layout randomization mitigation. This chart created by Nils provides more details.
Mozilla Falls Short on Firefox ASLR Implementation
Like Apple’s Safari, the open-source Mozilla Firefox browser does not properly implement ASLR, a key anti-exploit mitigation that can limit the damage from hacker attacks. Nils, the U.K.-based researcher who compromised a Windows machine running Firefox for the second year in a row told me it’s “somewhat trivial” to bypass Firefox’s ASLR implementation because there are some .dll files that does not properly implement the address space layout randomization mitigation.
