Get rich with Firefox or *(int *)NULL = 0 trying: Automated bug-bounty hunter build touted

Do you love Firefox, Linux, and the internet? Are you interested in earning money from the comfort of your own home? Are you OK with a special flavor of Firefox quietly gobbling up memory in a hunt for exploitable security bugs? If so, Mozilla has a deal for you. The open internet organization (and search licensing revenue …

  1. froberts2

    user-after-free()? How does that work?

    Perhaps you meant use-after-free?

    1. Woza

      I dunno, most users are after free stuff.

    2. Brian Miller

      void *p = malloc(1024);
      strcpy(p, "how now brown cow");

      /* go about other business, including more malloc()-free() */
      strcpy(p, "oh I forgot about the previous call to free()");
      /* BORKED! */

      There, you now know.

    3. Nick Kew

      Firefox caters to users who are after Free.

      (@Brian Miller - Whoosh!)

    4. diodesign (Written by Reg staff) Silver badge


      Just a typo, mate. Fixed. Email if you spot anything wrong, ta.


      1. Steve Aubrey

        Re: user-after-free()

        ". . . if you spot anything wrong"

        Errors in articles? May as well suggest that *I* would ever make a mistake. Perish the thought!

  2. EvaQ

    "Minimum 16GB RAM" must be true

    "Minimum 16GB RAM" must be true; I started this ASan Nightly Firefox version on my 4GB Core i3, and my Linux fully locked up and I had to press my power button.

    1. Def Silver badge

      Re: "Minimum 16GB RAM" must be true

      There's a reason for the high memory requirements. Basically the only way you can catch write-after-free bugs is by doing the following:

      Place every allocated memory block in its own virtual memory page. (Larger blocks require multiple pages, obviously.) This will instantly balloon your application's physical memory requirements because even a one byte memory block will now require at least one system memory page (usually at least 4096 bytes).

      You can also include a guard page (protected, allocated virtual address space, but not committed to physical memory) before to catch buffer underflow errors, or you can place your memory block at the end of the page(s) and put a guard page afterwards to catch buffer overflows.

      When you free that memory, you merely decommit (from physical memory) the pages, and change their access rights. Any writes to those addresses will now generate an access violation which you can catch and report. (Or your debugger, if attached, will catch for you.) This will balloon your application's virtual memory requirements, because once a page of virtual addresses has been used, it can never be reused.

      As an aside, early versions (maybe all versions) of Windows 7 seemed to have a hard limit of 128GB of virtual user address space per application. Windows 10 (and probably 8) don't have such a low limitation. (I don't know what the new limit is, but I've never hit it when running my memory manager in protected mode.)
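
The page-per-allocation scheme described in the comment above, as an added C example that is not part of the original thread or any project's code: each block ends at a guard page, and freeing decommits the pages and revokes access so that a later write faults. It assumes Linux with mmap/mprotect; guard_alloc, guard_free and write_faults are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS and madvise() on glibc */
#endif
#include <stdint.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added example: guard_alloc, guard_free and write_faults are hypothetical names. */
static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }
static size_t span(size_t n) { return (n + page_size() - 1) / page_size() * page_size(); }
/* Own page(s) per block; the block ends exactly where a PROT_NONE guard page begins. */
void *guard_alloc(size_t n) {
    if (n == 0) n = 1;
    size_t data = span(n), ps = page_size();
    uint8_t *base = mmap(NULL, data + ps, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + data, ps, PROT_NONE) != 0) {
        munmap(base, data + ps);
        return NULL;
    }
    return base + data - n; /* end-aligned, so the pointer itself may be unaligned */
}

/* "Free": decommit the data pages and revoke access; the addresses are never reused. */
int guard_free(void *p, size_t n) {
    if (n == 0) n = 1;
    uint8_t *base = (uint8_t *)p + n - span(n);
    madvise(base, span(n), MADV_DONTNEED);     /* release the physical memory */
    return mprotect(base, span(n), PROT_NONE); /* any later access now faults */
}

/* 1 if a one-byte write to addr faults; probed in a forked child so the caller survives. */
int write_faults(void *addr) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { *(volatile uint8_t *)addr = 0x41; _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void) {
    char *p = guard_alloc(24);
    if (!p) return 2;
    int overflow = write_faults(p + 24); /* first byte past the block: guard page */
    guard_free(p, 24);
    return !(overflow && write_faults(p)); /* exit 0: overflow and write-after-free caught */
}
```

A 24-byte request here costs one data page plus one reserved guard page, which is the memory blow-up the comment describes.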

  3. d3rrial

    Heavy download links embedded in mobile articles

    Like it's cool that you're linking to the download, but from a mobe it's not visible as the download link it is, and if I hadn't quickly found out how to abort a download, I would've just fine through my entire data limit...

    1. d3rrial

      Re: Heavy download links embedded in mobile articles

      *went through

  4. Dan 55 Silver badge


    Firefox sends core dumps to Mozilla anyway when it crashes so what's so different about this?

    1. EvaQ

      Re: Talkback

      Because AddressSanitizer also detects and reports illegal malloc/free/memory stuff that does not (yet) cause a crash.

  5. John Lilburne

    They have two bugs

    1. My workflow addons don't work since they changed the scheme so I had to go back to an earlier release.

    2. They keep whining about the version of the browser being out of date.

    I know it's out of date 'cos you bastards at FF screwed up the later releases.

    1. Dan 55 Silver badge

      Re: They have two bugs

      Firefox ESR 52 is still up to date... for another month then they're dropping that.

      So it's Waterfox, Basilisk, Pale Moon, Seamonkey or something else entirely. All have got pros and cons... I think I'll put the choice off another month.

      1. Michael Wojcik Silver badge

        Re: They have two bugs

        So it's Waterfox, Basilisk, Pale Moon, Seamonkey or something else entirely

        I've switched to Pale Moon on most of my machines. It's been usable.

        Had to disable the extension compatibility check so it would stop complaining about NoScript - likely the stupidest decision ever made by the PM team, and up there in the list of stupid decisions by any browser dev team ever. And then they abused users who complained, and issued dire warnings about disabling the compatibility check.

        I don't have great confidence in its long-term viability; the devs seem to be going down the Mozilla route of "fuck you, we know best".

        I may yet take a look at Waterfox or one of the other alternatives.

    2. J27 Silver badge

      Re: They have two bugs

      Fix those workflow addons yourself.

      It's not Mozilla's fault the authors haven't updated them and if you're not paying the authors to update them they don't owe you anything either.

      You sound like one of those people who thinks all software should be free and developers should have to live off of air alone.

      1. Dan 55 Silver badge

        Re: They have two bugs

        Firefox 57+ has a more limited API so they can't be ported. Are you suggesting he should add XUL extension compatibility to the new Firefox? Or are you suggesting he should fork Firefox 56 and keep up with security updates? Both are absurd.

  6. Adam 1

    > that Firefox engineers can fix

    That's quite a get out of jail card ya got there.

    But opt in == I approve of this message

  7. Robert Carnegie Silver badge

    Dilbert 26/07/1995

    "I was this close to making it my job..."

  8. Nick Kew

    Phoning home

    Methinks a fair few Reg commentards are among those who take offence at a product that phones home. Will you now be inviting Firefox to do so? And supplying it with more personal data (the address for any bounties) than any normal 'phone-home product would dream of?

    (Yes, I know, there's shades of phoning home, and this passes one important test of being opt-in. At least for one browser user).

  9. MatsSvensson


    10 DELETE feature

    20 GOTO 10
