The AnC attack


Moonchild
Pale Moon guru
Posts: 29251
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: The AnC attack

Post by Moonchild » 2017-02-20, 10:43

Be careful not to believe too much of the hype surrounding this.
Although ASLR is an important defense-in-depth mechanism to prevent straight-up hacks, having it lose effectiveness doesn't "strip away protection" against vulnerabilities "merely by visiting a website". It only makes it easier for already-known vulnerabilities (which is where browser vendors need to work to mitigate in the first place) to be exploited by knowing the exact address where certain code lives (easier payload targeting). How to access those locations from within a shielded web content context is a whole different story.

(As an aside: no, the proof-of-concepts don't work in the current version of Pale Moon)
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
