Heap Spraying Exploit Discovered in Mozilla Firefox 3.5

Mozilla Firefox, which is one of the most downloaded browsers, has been a great platform for hackers to test against various vulnerabilities. A few days ago, Mozilla Firefox 3.5 was released with great expectations from the company. And guess what: Firefox 3.5 is vulnerable to a heap spray exploit. Let us take a closer look at what exactly a heap spraying attack means.

Heap spraying is basically a term used as a substitute for ‘Arbitrary Code Execution’. In plain English, intruders try to get into the system by executing some sort of code from your browser. (If you want me to explain everything in plain English, STOP READING)

Heap spraying was introduced back in 2001, and started spreading its wings with the help of browsers in the year 2005. This exploit did major damage in that same year, as it was first tried in browsers at that time. The term is generally used among cyber criminals and in the computer security world to define arbitrary code execution.

Code that sprays the heap attempts to put a certain sequence of bytes at a predetermined location in the memory of a target process by having it allocate (large) blocks on the process’s heap and fill the bytes in these blocks with the right values.

These heap blocks will be in approximately the same location every time the heap spray is run, and this is a well-known fact among hackers today. This gives them an advantage when testing Firefox 3.5 against the heap spray exploit.
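An added example (not from the original post or from Mozilla) of how a defender can look for the pattern described above in a heap snapshot: many large blocks with identical, repetitive content. The thresholds, function names and sample heaps are assumptions constructed for illustration.

```python
import hashlib
import math
import random
from collections import Counter

LARGE_BLOCK = 64 * 1024   # assumed cut-off for a "large" allocation
MIN_COPIES = 50           # assumed: identical large blocks needed to alert
MAX_ENTROPY = 2.0         # assumed: bits per byte; repeated filler scores low

def byte_entropy(data):
    """Shannon entropy in bits per byte (0.0 when one value fills the block)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def find_spray(blocks):
    """Group large blocks by content hash; report (count, total_bytes) for
    every group that is both heavily duplicated and low in entropy."""
    groups = {}
    for data in blocks:
        if len(data) >= LARGE_BLOCK:
            groups.setdefault(hashlib.sha256(data).digest(), []).append(data)
    findings = []
    for members in groups.values():
        if len(members) >= MIN_COPIES and byte_entropy(members[0]) <= MAX_ENTROPY:
            findings.append((len(members), sum(len(m) for m in members)))
    return findings

def benign_heap(rng):
    """Constructed sample: many small varied blocks plus a few large unique ones."""
    small = [bytes(rng.getrandbits(8) for _ in range(rng.randint(64, 4096)))
             for _ in range(200)]
    large = [bytes(rng.getrandbits(8) for _ in range(128 * 1024)) for _ in range(3)]
    return small + large

def sprayed_heap(rng):
    """Constructed sample: the benign heap plus 100 copies of one 256 KiB block
    made of a repeated filler byte and a short inert marker (no real payload)."""
    block = b"\x41" * (256 * 1024 - 16) + b"CONSTRUCTED-DATA"
    return benign_heap(rng) + [block] * 100

if __name__ == "__main__":
    rng = random.Random(0)
    print("benign :", find_spray(benign_heap(rng)))
    print("sprayed:", find_spray(sprayed_heap(rng)))
```

Zero-filled buffers and legitimately duplicated resources can match the same heuristic, so the thresholds need tuning against real process data.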

Mozilla might have forgotten to close all its open doors for such a common vulnerability; maybe they are more excited about the launch of its new version, Firefox 3.5.

But I trust Mozilla will introduce patches in the next update. (This article is published for the same.) Because I am its loyal user too.

Have a great time, but keep reading all security updates from hackers enigma.

Read More : Technical stuff about Heap Spray Exploit in Firefox 3.5

Source : Milw0rm Exploits & Vulnerabilities

Amol Wagh


  • This is an excellent summary, I found the blog searching ask for a similar topic and came to this. I couldn’t find too much different information and facts about this written piece, therefore it had been awesome to find this one. I will most likely be back again to view a few other posts which you have another time.