Mozilla enables W^X in Firefox 46 to improve security

Status
Not open for further replies.

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Mozilla enabled the security feature W^X in Firefox Nightly (currently version 46) and plans to make it available to other versions of its web browser once they are upgraded to version 46.

W^X, spoken Write XOR Execute, is a security policy for memory that defines memory pages as either writable or executable, but not both. The feature is present in the OpenBSD operating system since 2003.

The OpenBSD base system has been modified to comply with it. This alleviates some buffer overflow attacks, including the most common stack-based attack: by ensuring that the stack is not executable, arbitrary code injected into it will not execute but instead cause the program to terminate

Most JIT (Just in Time) compilers use RWX (read-write-execute) permissions for memory pages which allows the compiler to patch code without performance overhead. This is the case for Firefox's current JIT compiler, but also for Chrome's or Safari's compiler.

While that is beneficial to the browser's performance while executing and running JavaScript code, it introduces issues at the same time.

Full article. Mozilla enables W^X in Firefox 46 to improve security - gHacks Tech News
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top