Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox
- We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contribution are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve the software security education.
| Author: | Felix SchuckertORCiD, Max Hildner, Basel KattORCiD, Hanno LangwegORCiDGND |
|---|---|
| URL: | https://dl.gi.de/bitstream/handle/20.500.12116/16298/sicherheit2018-08.pdf |
| DOI: | https://doi.org/10.18420/sicherheit2018_08 |
| ISBN: | 978-3-88579-675-6 |
| Parent Title (German): | Sicherheit 2018 : Sicherheit, Schutz und Zuverlässigkeit : Konferenzband der 9. Jahrestagung des Fachbereichs Sicherheit in der Gesellschaft für Informatik e. V. (GI) : 25. - 27. April 2018 in Konstanz |
| Publisher: | Gesellschaft für Informatik e.V. |
| Place of publication: | Bonn |
| Document Type: | Conference Proceeding |
| Language: | English |
| Year of Publication: | 2018 |
| Identifier: | Im Katalog der Hochschule Konstanz ansehen |
| Release Date: | 2019/01/14 |
| First Page: | 107 |
| Last Page: | 118 |
| Institutes: | Fakultät Informatik |
| Open Access?: | Ja |
| Licence (German): |  Creative Commons - CC BY-SA - Namensnennung - Weitergabe unter gleichen Bedingungen 4.0 International |
