The controlled object eventually gives them RW access to memory, then its game over.
-
-
The story here is that there is no story. Software is buggy, 0days exist. Stop obsessing over single vulnerabilities. It's 2016, move fwd.
-
This is unlikely to work. All past info says LE exploits only run for very specific logged in users. https://twitter.com/csoghoian/status/803958781948338176 …
This Tweet is unavailable.
End of conversation
New conversation -
-
-
indeed. Or own a Tor hidden site and inject. Turns out building on top of Firefox is problematic.
-
till effort to make Firefox multi process / memory partitioning bears fruits ( year more?), such simple exploits "easy"
-
Multi-process is only the beginning of the path towards a meaningful sandbox and then a good implementation.
-
They're chasing a moving target too. Chromium's sandbox has improved all these years Firefox hasn't had one.
-
in fairness they're none profit competing with trillion dollar corps.
-
They've had no issue keeping up with performance and features. It has everything to do with priorities.
-
from occasional lurking in their dev channels & forums it's on wishlist for years but lacked resources
-
Maybe if they hadn't allocated all of their resources to projects like B2G and Persona only to cancel them...
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.