Welcome to WebmasterWorld Guest from 54.163.158.163

Forum Moderators: phranque

Featured Home Page Discussion

New JavaScript Code Could Make Drive-By Exploits Much Worse

     
7:01 pm on Feb 16, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:23805
votes: 456


According to researchers the decades old protection of major operating systems, known as address space layout randomization (ASLR), could be reaching the point of vulnerability thanks to a simple JavaScript code.
Now, researchers have devised an attack that could spell the end of ASLR as the world knows it now. The attack uses simple JavaScript code to identify the memory addresses where system and application components are loaded. When combined with attack code that exploits vulnerabilities in browsers or operating systems, the JavaScript can reliably eliminate virtually all of the protection ASLR provides. New JavaScript Code Could Make Drive-By Exploits Much Worse [arstechnica.com]
1:06 am on Feb 18, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:7556
votes: 244


Well lets hope the other browsers follow Safari's lead to mitigate such attacks.

I tried NoScript for a while but found I spent too much time allowing/disallowing sites to run JS. Not a problem on my handful of favorite sites, but I do a lot of research to new sites and it became tedious.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members