Firefox 0-Day targeting Tor-Users

Yesterday a Firefox 0-Day (currently unpatched vulnerability) was made publicly available. We have analyzed the exploit from begin to end and talk about the different stages, including: the exploit techniques that aim to defeat general protection mechanisms like ASLR and DEP, as well as more advanced protection mechanisms like Export Address Filtering from EMET, the shellcode and its similarity to the FBI-Exploit from 3 years ago.

Source: Security Blog G Data Software AG @ November 30, 2016 at 11:57AM