Pwn2Own: Firefox hacked with 0-day flaw

[nsane.forums]

The exploit was triggered against a use-after-free vulnerability in the open-source browser and successfully evaded DEP and ALSR, two anti-exploit mitigations built into the Windows operating system.

Willem Pinckaers and Vincenzo Iozzo

Mozilla’s Firefox is the latest browser to fall victim to hackers at this year’s Pwn2Own hacker contest.

Two researchers working together – Willem Pinckaers and Vincenzo Iozzo — exploited a single zero-day vulnerability in the latest Firefox 10.0.2 (Windows 7 SP1) to cart off a $30,000 cash prize.

The exploit was triggered against a use-after-free vulnerability in the open-source browser and successfully evaded DEP and ALSR, two significant anti-exploit mitigations built into the Windows operating system.

Firefox does not have a sandbox, which made it an easy target at Pwn2Own, which unearthed multiple zero-day flaws in Microsoft’s Internet Explorer and the Google Chrome browser.

In an interview after demonstrating the drive-by download attack for Pwn2Own organizers, Pinckers said he was able to convert the use-after-free bug into two separate information-leak conditions to complete the exploit.

“We triggered the same vulnerability three times. We used it once to leak some information, the used it again to leak addresses of our data. Then, we used the same vulnerability a third time get code execution.”

Pinckaers said it took him a single day to write a reliable exploit after Iozzo gave him the vulnerability.

View: Original Article