Received: by 10.68.236.198 with SMTP id uw6mr9953035pbc.3.1334590158345;
Mon, 16 Apr 2012 08:29:18 -0700 (PDT)
Path: r9ni63235pbh.0!nntp.google.com!news1.google.com!Xl.tags.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local2.nntp.dca.giganews.com!nntp.mozilla.org!news.mozilla.org.POSTED!not-for-mail
NNTP-Posting-Date: Mon, 16 Apr 2012 10:29:17 -0500
Date: Mon, 16 Apr 2012 10:29:11 -0500
From: Joshua Cranmer <Pidgeo...@verizon.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
Newsgroups: mozilla.dev.tech.js-engine
Subject: Re: CVE-2012-0464
References: <edb1c5b8-608b-4755-9b66-e8ade4b00dc5@2g2000yqk.googlegroups.com>
In-Reply-To: <edb1c5b8-608b-4755-9b66-e8ade4b00dc5@2g2000yqk.googlegroups.com>
Message-ID: <QLudnScxZO9QpxHSnZ2dnUVZ_r6dnZ2d@mozilla.org>
Lines: 15
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 108.199.240.147
X-AuthenticatedUsername: NoAuthUser
X-Trace: sv3-s5TzZ692qaTm80ZQ+fs6l2z+fJMfinDW0rwuKF53ILOPfHyyNarzImu9uM3B4w73R1CwDPrecZx9XcS!vLzK/2Uji8sXW6cM59GK/+T2thJYywHjEQKF5JJ8eijfBrdRnA/kV50/tW+pwxLuo2i/+Pi6IFG8!iWyfxRuUWEPWMHc=
X-Complaints-To: abuse@mozilla.org
X-DMCA-Complaints-To: ab...@mozilla.org
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
X-Original-Bytes: 1982
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
On 4/16/2012 9:48 AM, IHNames wrote:
> Hello everybody,
>
> I am currently working on my thesis, in which I try to evaluate the
> security implications of JIT compilation (and ways to improve security
> there).
> I also made some slight modifications to the js-tracer (in particular,
> I made nanojit mark its code pages read/write instead of rwx). Now, I
> would like to test my changes on a real bug. For this purpose, the
> array.join("") problem revealed in the Pwn2Own contest looks
> interesting.
From what I can tell of the relevant bug, the array.join("") problem
was caused by a GC hazard, which would mean that it has absolutely
nothing to do with JIT compilation.
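The modification the original poster describes, keeping nanojit's code pages read/write while emitting and never read/write/execute, is the W^X policy for JIT memory. The following is an added example, not code from the thread, from nanojit or from SpiderMonkey: a minimal JIT that allocates a page as RW, emits a function body, flips the page to R-X with `mprotect`, and refuses any further write while the page is executable. The `jit_page_*` names, the `struct jit_page` bookkeeping and the hand-encoded "return 42" byte sequences (x86-64 and AArch64 only) are this example's own; on any other architecture `jit_return_42()` reports -2 rather than executing anything. As Joshua Cranmer's reply notes, a policy like this hardens the JIT's own memory and says nothing about a GC hazard, which is why it would not have affected the array.join bug.

```c
/* Added example (not from the post, nanojit or SpiderMonkey): a minimal JIT
 * whose code page is W^X -- writable while code is emitted, executable only
 * after an explicit flip to read+execute, and never both at once. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*jit_fn)(void);

/* Machine code for "return 42" on the two architectures this example knows
 * (constructed for the example). */
#if defined(__x86_64__)
static const uint8_t kRet42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };          /* mov eax,42 ; ret   */
#elif defined(__aarch64__)
static const uint8_t kRet42[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* movz w0,#42 ; ret */
#else
static const uint8_t kRet42[] = { 0 };
#define JIT_UNSUPPORTED_ARCH 1
#endif

struct jit_page {
    uint8_t *mem;
    size_t len;
    int prot;   /* current protection, tracked so emit() can enforce W^X */
};

/* Reserve one page that starts out readable and writable but NOT executable. */
static int jit_page_open(struct jit_page *p) {
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) return -1;
    p->len = (size_t)ps;
    p->prot = PROT_READ | PROT_WRITE;
    p->mem = mmap(NULL, p->len, p->prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p->mem == MAP_FAILED ? -1 : 0;
}

/* Copy code in while the page is RW; refuse if it is currently executable. */
static int jit_page_emit(struct jit_page *p, const uint8_t *code, size_t n) {
    if (p->prot & PROT_EXEC) return -1;   /* W^X: never write into executable memory */
    if (n > p->len) return -1;
    memcpy(p->mem, code, n);
    return 0;
}

/* Flip the page to R-X. From here on it can run but can no longer be modified. */
static int jit_page_seal(struct jit_page *p) {
    if (mprotect(p->mem, p->len, PROT_READ | PROT_EXEC) != 0) return -1;
    p->prot = PROT_READ | PROT_EXEC;
    /* Required on architectures with split I/D caches (a no-op on x86-64). */
    __builtin___clear_cache((char *)p->mem, (char *)p->mem + p->len);
    return 0;
}

static void jit_page_close(struct jit_page *p) {
    if (p->mem && p->mem != MAP_FAILED) munmap(p->mem, p->len);
    p->mem = NULL;
}

/* Full emit -> seal -> execute cycle. Returns 42 on success, -1 on any
 * mmap/mprotect failure or W^X violation, -2 on an architecture this
 * example has no encoding for. */
int jit_return_42(void) {
#ifdef JIT_UNSUPPORTED_ARCH
    return -2;
#else
    struct jit_page p = {0};
    int result = -1;
    if (jit_page_open(&p) != 0) return -1;
    if (jit_page_emit(&p, kRet42, sizeof kRet42) == 0 && jit_page_seal(&p) == 0) {
        /* A second emit must be refused now that the page is executable;
         * only then do we run the sealed code. */
        if (jit_page_emit(&p, kRet42, sizeof kRet42) == -1) {
            jit_fn fn;
            memcpy(&fn, &p.mem, sizeof fn);   /* object -> function pointer without a cast warning */
            result = fn();
        }
    }
    jit_page_close(&p);
    return result;
#endif
}

int main(void) {
    printf("jit_return_42() = %d\n", jit_return_42());
    return 0;
}
```

A production JIT additionally has to flip the page back to RW (or use a separate writable alias) to patch code in place, which is exactly the window a W^X policy forces to be explicit and short; nanojit as patched by the poster would have needed the same `mprotect` dance around every patch.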