Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox
Chapter
Published version
Åpne
Permanent lenke
http://hdl.handle.net/11250/2591307Utgivelsesdato
2018Metadata
Vis full innførselSamlinger
Originalversjon
10.18420/sicherheit2018_08Sammendrag
We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contribution are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve the software security education.