MozillaZine

Force randomization for images (Mandatory ASLR) and Firefox

Discussion of general topics about Mozilla Firefox
tbdkqjyjkyk

User avatar
 
Posts: 95
Joined: October 30th, 2006, 1:38 pm

Post Posted January 5th, 2018, 9:50 am

Should I enable Force randomization for images (Mandatory ASLR) for Firefox 52.5.3 ESR?

In new Windows 10's exploit protection, iexplore.exe and Office programs have this setting enabled by default. Is there any benefit in enabling the same system override setting for Firefox.exe ?

Image

Image
Last edited by tbdkqjyjkyk on January 5th, 2018, 10:59 am, edited 2 times in total.

Brummelchen
 
Posts: 2859
Joined: March 19th, 2005, 10:51 am

Post Posted January 5th, 2018, 10:25 am

ASLR is OS dependent, but common current OS can do and firefox will use.
https://sourceforge.net/projects/processhacker/

In new Windows 10's exploit protection

not relevant. since xp present, even stronger since win8.

tbdkqjyjkyk

User avatar
 
Posts: 95
Joined: October 30th, 2006, 1:38 pm

Post Posted January 5th, 2018, 10:58 am

Brummelchen wrote:ASLR is OS dependent, but common current OS can do and firefox will use.
https://sourceforge.net/projects/processhacker/

In new Windows 10's exploit protection

not relevant. since xp present, even stronger since win8.



looks like you have not seen the new user settings in Windows 10 v1709. see the screenshots I added, they are all default settings.
question is, like iexplore.exe, should I add the same system override setting for Firefox ?

Brummelchen
 
Posts: 2859
Joined: March 19th, 2005, 10:51 am

Post Posted January 5th, 2018, 1:24 pm

exploit protection is like any exploit protection with injecting modules.
forcing is not new what i tried to tell you
https://computernewagedotcom.files.word ... ening1.png

firefox can use it on current systems -> NO NEED to force
THATS why i linked process hacker for you - you should use it!

forcing is in common for older programs.

but yes, my win10 ltsb is still 1603 as ltsb should be. but that is not relevant for forcing aslr.

"mandatory aslr" explained
https://blogs.technet.microsoft.com/srd ... tory-aslr/

aslr is same important as DEP and CFG is the goal (chrome already using)
integrity to mention -> sandboxing.

Return to Firefox General


Who is online

Users browsing this forum: No registered users and 1 guest