Is a "Reverse Heartbleed" exploit possible to read the client's memory?
So here's a question about the recently-discovered heartbleed OpenSSL bug.
Let's say I connect to a server with Firefox/Chrome. Could the server read the client's memory and extract cookies/history/sessions for other sites the client visited?
I'm not sure if firefox or chrome link against OpenSSL, but that could also be pretty tricky.
3 comments
[ 2.5 ms ] story [ 9.1 ms ] threadMore generally, it's my understanding that either end of a TLS connection can send a heartbeat request, so clients using openssl would be vulnerable (assuming they use an affected version, with heartbeat support).
a recursive search on the libraries linked to in Chrome on OSX shows that the OSX system wide Address Book uses OpenSSL. Specifically LDAP. Here is the dependency tree that leads to OpenSSL on OSX Mavericks:
0.9.8 is not effected so Chrome on OSX should be fine. (src: https://www.cert.fi/en/reports/2014/vulnerability788210.html -- versions 1.0.1 to 1.0.1f)Safari:
A similar search of safari shows some inclusion of OpenSSL code in the system wide Security.framework as a part of libsecurity_apple_csp. It is unlikely the bug crossed over as the inclusion is limited.
Firefox:On OSX it is using the same security framework as safari.