New heap spray vulnerability- does NoScript protect?

General discussion about the NoScript extension for Firefox
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: New heap spray vulnerability- does NoScript protect?

Post by luntrus » Sat Jul 25, 2009 6:10 pm

Hi tlu,

Well this thread has certainly taken some U-turn. Well never mind, but let us return to the question at hand with a short recapitulation of what the heap spray vulnerability stands for:

Heap spraying basically termed as the substitute to ‘Arbitrary Code Execution’. In plain English. Intruders try to enter in the system by executing some sort of code from your browser, hackers certainly know what is meant here.

Heap spraying was introduced back in 2001, and started getting off with the help of browsers in the year 2005 and beyond. This exploit have done major damages in that same year 2005, as it was first tried in bowers at the time. This term is generally used by cybercriminals and in the computer security world to define arbitrary code execution.

This code which sprays the heap attempts to put a certain sequence of bytes at a predetermined location in the memory of a target process by having it allocate (large) blocks on the process’ heap and fill the bytes in these blocks with the right values.

These heap blocks will approximately be in the same location every time the heap spray is run. Well this is well known fact for hackers today. This gives them advantage over testing Firefox 3.5 against the heap spray exploit.

Mozilla might have forget to close all its open doors for such a common vulnerability at the launch of this version of Fx, but we have seen it soon patched, because I of it loyal users, and some are here too.
With NS installed we are secure against this arbitrary code vulnerability or the next, no sweat,

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2pre) Gecko/20090725 Shiretoko/3.5.2pre

Post Reply