Heap Spraying Exploit Discovered in Mozilla Firefox 3.5
Mozilla Firefox, which is one of the most downloaded browser, has been a great platform for hacker to test it against various vulnerabilities. And before some days Mozilla Firefox 3.5 was released with great expectations from the company. And guess what the Firefox 3.5 is vulnerable for Heap spray exploit.Let us take a closer look at what exactly heap spraying attack means.
Heap spraying basically termed as the substitute to ‘Arbitrary Code Execution’. In plain English, intruders try to enter in the system by executing some sort of code from your browser. (If you want me to explain everything in plain English, STOP READING)
Heap spraying was introduced back 2001, & started spreading its wings with the help of browsers in year year 2005. This exploit have done major damages in similar year, as it was first tried in bowers that time. This term is generally used in cyber criminals & computer security world to define arbitrary code execution.
This Code which sprays the heap attempts to put a certain sequence of bytes at a predetermined location in the memory of a target process by having it allocate (large) blocks on the process’ heap and fill the bytes in these blocks with the right values.
These heap blocks will approximately be in the same location every time the heap spray is run, & it is well known fact for hackers for today. This gives them advantage over testing Firefox 3.5 against the heap spray exploit.
Mozilla might have forget to close all its open doors for such a common vulnerability, may be they are more excited about its new version launch of Firefox 3.5
But I trust , Mozilla will introduce patches in next update. (This article is published for the same.) Because I am its loyal user too.
Have great time, but keep reading all security updates from hackers enigma.
Source : Milw0rm Exploits & Vulnerabilities