our ASLR is apparently not properly enabled
According to someone on Twitter who just investigated my claim that Tor Browser was ASLR-enabled, this is not actually true. They took a screenshot with VMMap Sysinternals which I've attached.
I'm not sure when I'll be able to look into this -- hopefully this weekend. It would be great if someone else could figure out what's going on. I'm not able to access the Windows VM at the moment, but I looked through the objdump output of the DLLs and they seemed fine to me, but clearly something is missing.
Marking this as major since it's bad if true. Adding Tom Ritter since he might be able to help.