Heap Exploitation

jemalloc/Mozilla Firefox

We have investigated in depth the exploitation of the jemalloc memory allocator and the Mozilla Firefox browser. Our research on this subject is divided into three parts.

The first part covers an in-depth analysis of the jemalloc memory allocator as used in the libc of the FreeBSD and NetBSD operating systems:

The second part of our research applies the exploitation primitives we identified in the first part to the Mozilla Firefox browser. This work was presented a) in Las Vegas at the Black Hat USA 2012 information security conference, and b) in Athens at AthCon 2013:

The third part defines a reusable exploitation methodology against the latest versions of the Mozilla Firefox browser in the context of the modern protections provided by most operating systems. It was presented in Miami Beach at the INFILTRATE offensive security conference: