firefox executable stack (security best-practice failure)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| firefox (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
lsmemmap.sh shows firefox has an executable stack and several write-execute anonymous mappings on x86-64. This is a security best-practice failure: shellcode injection into the stack or any of these anonymous mappings is possible now that they are data-code confused. This makes vulnerabilities in which Firefox improperly processes a Web page and executes data on the stack easy to take advantage of.
task 6862 (/usr/lib/
40001000-40801000 rwxp 40001000 00:00 0
40802000-41002000 rwxp 40802000 00:00 0
41003000-41803000 rwxp 41003000 00:00 0
41804000-42004000 rwxp 41804000 00:00 0
42005000-42805000 rwxp 42005000 00:00 0
42806000-43006000 rwxp 42806000 00:00 0
43007000-43807000 rwxp 43007000 00:00 0
7fffffad1000-
Please note that this is not a security vulnerability; it is a failure to execute security best practices. By correcting this, certain real vulnerabilities will become difficult or impossible to exploit beyond basic denial of service.
The most likely cause of this is the use of gcc nested functions in Firefox or an attached plug-in. As this affects Thunderbird as well, it is likely a failing in the Gecko Runtime Engine, which processes the XUL language that Firefox and Thunderbird are written in.
See also bug #34129 which has the script I used as an attachment.
| John Moser (nigelenki) wrote | #1 |
| Changed in firefox: | |
| status: | Unconfirmed → Confirmed |
| John Moser (nigelenki) wrote | #2 |
| Changed in firefox: | |
| status: | Confirmed → Fix Released |
This is an Ubuntu bug, dependent on bug #49192, which I have already explained how to fix as of last night. :)
Yes, I was wrong with my nested function guess.