2 matches found
Mozilla: Incorrect code generation during JIT compilation
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...
Mozilla: Incorrect AliasSet used in JIT Codegen
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability, this could have been used for an out-of-bounds memory read...