There's a bunch of misinformation about the new Firefox exploit so I'd like to clear a few things up. https://twitter.com/movrcx/status/803744059022069760 …
This Tweet is unavailable.
Thanks to the efforts from a few dedicated members of Trail of Bits (@withzombies, scott, and others), I have real info to share.
-
-
First off, it's a garden variety use-after-free, not a heap overflow, and it affects the SVG parser Firefox.
-
MWR published research in this area years ago in WebKit, and it appears that Firefox is lagging a few years behind. https://labs.mwrinfosecurity.com/blog/mwr-labs-pwn2own-2013-write-up-webkit-exploit/ …
- 14 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.