Mischa Spiegelmock and Andrew Wbeelsoi at a ToorCon conference (on hacking) had proclaimed that the Javascript in Firefox was a “complete mess,” and that there are several vulnerabilities, the worst of which causes a stack overflow and consequently code execution. (Stack overflow is where a program takes up more space than it had/been allocated in memory.) They also proclaimed that it could “never be patched.”
Mozilla had, of course, looked into this, and spoken to Mischa. There was a surprise though: he had never actually got the code to execute anything. It would merely cause a stack overflow… and crash.
As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.
So, it was also based on an old security flaw which was fixed previously.
So, was it just a prank to try and make ToorCon more notable?
Get Updates