Note that reuse is in the same function that freed it with no way of injecting JavaScript to reallocate it in between, so NOT EXPLOITABLE.
@berendjanwever web workers don't have access to the DOM. There are lots of cases like these affecting the execCommand functions.
@pyoor_ @berendjanwever MS saved a lot of CVEs with MemProtect. Even more with MemGC.
@dhanesh_k @berendjanwever You're right, but I was referring to the large number of UAFs where free and reuse occur within the same function.
@dhanesh_k @berendjanwever These existed prior to MemProtect and continue to do so.
@dhanesh_k @berendjanwever Lots of cases where a function copies a pointer without addRef, releases, then reuses the stale ref.
@pyoor_ @berendjanwever Yes, but in a few cases, between use and free, an event is triggered, which helps us to fill the mem. Now those are gone.
@dhanesh_k @pyoor_ It doesn't execute anything useful (such as events) in between free and reuse, which is why it's not a vuln but a bug.