Mozilla fixes Firefox zero-day actively exploited in attacks (www.bleepingcomputer.com)

submitted 9 months ago by yogthos@lemmy.ml to c/firefox@lemmy.ml

2 comments fedilink hide all child comments

top 2 comments

sorted by: hot top controversial new old

[-] 001Guy001@lemm.ee 5 points 9 months ago

This type of flaw occurs when memory that has been freed is still used by the program

Am I understanding correctly that a memory leak has been fixed? Though it says that it relates specifically to "Animation timelines", so does it mean that the fix only affects the (small?) portion of the memory that's been used by that feature? Or any memory that should get freed but wasn't previously?

[-] PoolloverNathan@programming.dev 1 points 9 months ago

Based on your quite, this is a use-after-free, meaning that despite Firefox marking the memory region as free to be reallocated, it continues to use the memory. This is dangerous as an attacker may be able to allocate in that region, leetting them change the old structure's values.

this post was submitted on 09 Oct 2024

27 points (96.6% liked)

Firefox

20398 readers

172 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago

MODERATORS

k_o_t@lemmy.ml

golden_zealot@lemmy.ml