Firefox and Tor hit with a MASSIVE exploit (9.8 CVSS)

This Firefox vulnerability is a use-after-free in the Firefox CSS decoder. In this video we'll talk about the bug and what exactly it means.

Comments

I like how he said "Microsoft" instead of "Mozilla" at 0:56 out of habit

NicolaGuerrera

thank god, I am safe because I print out html, css and js of websites and render them in my head😌

akshayyadav

(Context: I fixed this bug) The premise of the video is just not correct, you can't trigger this just with CSS, for what it's worth. But happy to chat more about it once details are public if you want.

emiliocobos

I always said CSS was the devil's work, switching back to Lynx

goaserer

just a note: there is a one null byte overflow caused by the scanf @ 0:28 (should be %31s)
if anyone was wondering how programmers make mistakes such as UAF, this is how :)

itskarudo

css, the hacker's programming language

kahdeksan

While it's very nice that you showed a code example, highlighting how the vulnerability works, there is one assumption you make that has to be true (but isn't necessarily always true) for this to work.

That assumption is that both the randy and the frank pointers will end up pointing to the same memory address, even though your code doesn't guarantee that. You simply do mallocs to each of them, which means that it's up to the underlying memory allocator to decide where the allocated memory pools will reside.

VNActivityProjectRem
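Two of the comments above raise concrete coding points: the one-byte `scanf` overflow (the width should be `%31s` for a 32-byte buffer) and the unstated assumption that the allocator hands a freed block straight back so two pointers overlap. The following C program is an added illustration of both, not code from the video; the buffer size, the `read_name`/`allocator_reused_block`/`release` names and the 40-character input are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 32   /* size of the fixed buffer the name is read into */

/* "%32s" into a 32-byte array stores up to 32 chars plus the NUL: one
 * byte past the end. Deriving the width from the buffer size gives "%31s".
 * Returns the number of characters stored, or -1 if nothing matched. */
static int read_name(const char *input, char name[NAME_LEN]) {
    char fmt[16];
    snprintf(fmt, sizeof fmt, "%%%ds", NAME_LEN - 1);  /* yields "%31s" */
    if (sscanf(input, fmt, name) != 1) return -1;
    return (int)strlen(name);
}

/* malloc, free, malloc again at the same size: 1 if the second block got
 * the first block's address, 0 if not. That is allocator policy, not a C
 * guarantee, so a demo relying on reuse may stop working on another libc. */
static int allocator_reused_block(size_t size) {
    char *first = malloc(size);
    if (first == NULL) return -1;
    uintptr_t old_addr = (uintptr_t)first;  /* captured before free() */
    free(first);
    char *second = malloc(size);
    if (second == NULL) return -1;
    int reused = ((uintptr_t)second == old_addr);
    free(second);
    return reused;
}

/* Mitigation for the dangling-pointer half of a UAF: clear the owner's
 * pointer on release so a later access faults on NULL instead of reading
 * whatever the allocator has since placed in the recycled block. */
static void release(char **owner) {
    free(*owner);
    *owner = NULL;
}

int main(void) {
    char name[NAME_LEN];
    int n = read_name("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", name);  /* constructed 40-char input */
    printf("stored %d chars, buffer holds %d + NUL\n", n, NAME_LEN - 1);
    printf("allocator reused block: %d\n", allocator_reused_block(64));
    char *obj = malloc(16);
    release(&obj);
    printf("pointer after release: %s\n", obj ? "dangling" : "NULL");
    return 0;
}
```

Run it twice on different systems (or with a hardened allocator) and the reuse line may differ, which is exactly the point the comment makes.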

I will make a 0day exploit of something obscure just so Low Level explains it and breaks it down in a video

kart_elon_xd

They're deleting our dogs… they're deleting our cats! 🤣🤣🤣

bdmartinez

When CSS animations go from making your website pretty to running malicious code, updating your browser is the new form of self-care in the digital age.

Bryghtpath

On the Rust point, it's possible that Servo implements the relevant animation models, and so this vuln wouldn't be a thing if only Servo had been merged into FF :(

JamesGroom

Okay, now we can all agree CSS is a programming language

zuberkariye

I'm actually really impressed how people are able to find these exploits and how you actually show the exploit. I wish I had a fraction of brain power required to be able in that field. Good stuff!!

sheenismhaellim

8:03 "Would Rust have fixed this?" - yes, as well as C++ with smart pointers.

vladimirrus

"They're deleting the dogs, they're deleting the cats. Delete the cat, delete delete the cats..." /oblig 😏

MacDKB

Are you assuming that the allocator returns pointers to the exact same memory location? Looking at the code, I don't see any other way for randy and frank to overlap.

nicholas_obert

Hey, so, after a bit of looking around, it SOUNDS like this exploit is related to the "animation-timeline" CSS property, which is new and experimental. But also, it's not enabled in Firefox by default, so even if the potential damage of this exploit is high, it looks like only a small amount of users would have been affected, given you would have to go into your about:config, look for the right flag, and enable it manually.

Rage

Q: when is a cat a dog?
A: when you free the dog then frank and randy point at each other

kingjames

No! Look how they have massacred my little fox😢

God-i

"Today's video is sponsored by ME!" I love this part 😀. I will join Low Level Academy this year, but I have too many expenses this month.

kamilziemian