Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox

  • We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contribution are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve the software security education.

Export metadata

Additional Services

Share in Twitter Search Google Scholar
Metadaten
Author:Felix Schuckert, Max Hildner, Basel Katt, Hanno LangwegGND
URL:https://dl.gi.de/bitstream/handle/20.500.12116/16298/sicherheit2018-08.pdf
DOI:https://doi.org/10.18420/sicherheit2018_08
ISBN:978-3-88579-675-6
Parent Title (German):Sicherheit 2018 : Sicherheit, Schutz und Zuverlässigkeit : Konferenzband der 9. Jahrestagung des Fachbereichs Sicherheit in der Gesellschaft für Informatik e. V. (GI) : 25. - 27. April 2018 in Konstanz
Publisher:Gesellschaft für Informatik e.V.
Place of publication:Bonn
Document Type:Conference Proceeding
Language:English
Year of Publication:2018
Opac ID:Im Katalog der Hochschule Konstanz ansehen
Release Date:2019/01/14
First Page:107
Last Page:118
Institutes:Fakultät Informatik
Open Access?:Ja
Relevance:Keine peer reviewed Publikation (Wissenschaftlicher Artikel und Aufsatz, Proceeding, Artikel in Tagungsband)
Licence (German):License LogoCreative Commons - CC BY-SA - Namensnennung - Weitergabe unter gleichen Bedingungen 4.0 International