Posted by Tavis Ormandy on May 01

PIN <zero () asac co> wrote:

It sounds like you’re asking “If I can learn an address, have I defeated
ASLR”, and the answer is usually yes. It depends on the circumstances of
course, but leaking any address to an attacker would usually be considered a
bug and renders ASLR essentially useless.

For example, if you can find some JavaScript that tells you the address of
an object on the heap or the base address of a module,…