Attack Surface Reduction Works

According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for JavaScript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.

Good riddance to E4X.

One thought on “Attack Surface Reduction Works”

  1. It seems there is quite a high reliance on ESR releases for finding stable exploits. The rapid release cycle is doing quite a good job of making these exploits harder to target apparently. There are some very important lessons to be learned from these revelations.