Subject: windows-firefox-addon tip to improve security Hello, my name is Matteo i have found that your plugin uses these two dll: extensions\[email protected]\platform\libDANEcore-WINNT-x86.dll extensions\[email protected]\platform\libDNSSECcore-WINNT-x86.dll located in the firefox profile directory.
Both doesnt have ASLR enabled and this render the whole aslr implementation useless, if one single dll loaded in firefox doesn't have aslr, aslr become useless because you know where code is located and you can do rop or other attacks. please compile them with aslr enabled, there is no need to reverite the code it is just a flag that must be set. let me know! Kind Regards Matteo
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dnssec-validator-users mailing list [email protected] https://lists.nic.cz/cgi-bin/mailman/listinfo/dnssec-validator-users
