Re: [Full-disclosure] Exploiting memory corruption vulnerabilities on Internet Explorer 8



On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious <fred.vicious@xxxxxxxxx> wrote:

Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
DEP/ASLR there... But as you said, so far there's no known "catch-all"
technique against IE8.
Along with other security features (
http://blogs.msdn.com/architecture/archive/2009/08/13/internet-explorer-8-rated-tops-against-malware-and-phishing-attacks.aspx)
this basically means that IE8 is the most secure web browser nowadays?

Depends. IMHO the most secure browser does not exist, anyway (the most
secure software does not exist, ever). But a more secure env in which the
browser runs does exist. There is some difference if I run Firefox on Windows XP and if
I run Firefox within an SELinux guest account under Fedora.

On Thu, Oct 1, 2009 at 8:27 AM, Jared DeMott <jared.demott@xxxxxxxxxx> wrote:

I'm not aware of any catch-all technique just for IE8, though there are
a few common ones like return oriented programming. Application
specific techniques are also common when third party extensions are
involved.

--
__________________________________________
Jared D. DeMott
Principal Security Researcher




--
Best wishes,
Freddie Vicious
http://twitter.com/viciousf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
