Ladybird Browser LibJS Use-After-Free Vulnerability Allowing Remote Code Execution
Vulnerability
A use-after-free vulnerability has been identified in the LibJS component of the Ladybird browser in versions prior to commit f5a6704. It arises from improper lifetime management of the memory backing the 'arguments_list' vector, and a remote attacker can exploit it to execute arbitrary code by serving a crafted JavaScript file. The issue should be read in context: Ladybird is in a pre-alpha state and is intended only for developers.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced with a proxied constructor whose handler manipulates the 'arguments_list' vector while construction is in progress, triggering a reallocation of the vector's backing memory. Passing a large number of arguments to the constructor causes the engine to run script-supplied code (the proxy's handler) during the prototype retrieval step, so memory released by the reallocation is still referenced afterwards. The resulting use-after-free condition can then be exploited to execute arbitrary code.
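The bug class behind this advisory is a native routine keeping a pointer into a vector across a call that lets script grow that vector. The following is an added, hypothetical C++ model of that pattern and one defensive fix (snapshot the arguments before running script-controllable code); it is not LibJS code and does not reproduce the upstream fix, and the names Value, Hook, construct_unsafe and construct_safe are invented for illustration.

```cpp
#include <vector>

// Hypothetical, simplified model of the bug class (not LibJS code): a native
// "constructor" keeps a pointer into its argument vector while a user-supplied
// hook (standing in for a Proxy handler that runs during prototype lookup)
// executes and is free to grow that vector.
struct Value { int v; };
using Hook = void (*)(std::vector<Value>&);

// Hook mimicking script that grows the argument vector: pushes enough elements
// that the vector must move to a new, larger buffer and free the old one.
void grow_arguments(std::vector<Value>& args) {
    for (int i = 0; i < 4096; ++i) args.push_back({i});
}
// Benign hook that leaves the arguments untouched.
void leave_alone(std::vector<Value>&) {}

// Buggy pattern: 'first' points into args' buffer; after the hook reallocates,
// any read through 'first' would be a use-after-free. To keep this runnable the
// stale pointer is never dereferenced; we only report whether the buffer moved.
bool construct_unsafe(std::vector<Value>& args, Hook prototype_hook) {
    const Value* first = args.data();
    prototype_hook(args);
    return first != args.data();   // true: 'first' now dangles
}

// Fixed pattern: take an owned copy of the arguments before running any code
// the script can control, then only ever read from that copy.
int construct_safe(std::vector<Value>& args, Hook prototype_hook) {
    std::vector<Value> owned(args);
    prototype_hook(args);          // caller's vector may grow; 'owned' cannot
    return owned.front().v;
}

// Constructed scenarios that return their results so they can be checked.
bool unsafe_dangles_after_growth() {
    std::vector<Value> args{{1}, {2}, {3}};
    return construct_unsafe(args, grow_arguments);
}
bool unsafe_ok_when_hook_is_benign() {
    std::vector<Value> args{{1}, {2}, {3}};
    return !construct_unsafe(args, leave_alone);
}
int safe_first_after_growth() {
    std::vector<Value> args{{7}, {8}, {9}};
    return construct_safe(args, grow_arguments);
}
```

Building the unsafe variant with AddressSanitizer and dereferencing 'first' after the hook is the quickest way to see the class of report a fuzzer would produce for this pattern.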
Remediation
Users are advised to update to the latest version of Ladybird Browser, where this vulnerability has been addressed.
