POSTED BY: CENSUS / 29.05.2013

Firefox Exploitation - AthCon 2013

CENSUS will be one of the sponsors of the AthCon 2013 conference. We are thrilled to be participating for the fourth time actually, at AthCon, the leading technical IT security conference in Greece. This year, our researchers Patroklos Argyroudis and Chariton Karamitas will be presenting novel exploitation techniques against the Mozilla Firefox browser.

The talk’s abstract is the following:

The Mozilla Firefox web browser has a new memory allocator named `jemalloc’ enabled by default on all supported platforms (Windows, OS X, Linux and Android). Therefore, the traditional platform-specific heap exploitation techniques (like `unlinking’ and `frontlinking’) are no longer applicable when attacking new Firefox heap corruption vulnerabilities. In this talk we will develop novel exploitation approaches and primitives that can be used to attack Mozilla Firefox via its new heap manager. We will build on our previously published work on this area and include practical hands-on demonstrations of researching Firefox vulnerabilities and developing exploits for them. Moreover, we will release an updated and enhanced version of our jemalloc debugging utility (`unmask_jemalloc’).

If you haven’t registered yet, get your AthCon ticket now since today is the last day and there is no onsite registration!

Update: The presentation slides are now available here.