3 matches found
Type confusion
Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...
Firefox 66.0.1 - Array.prototype.slice Buffer Overflow Exploit
Firefox let size = 64; garr = ; j = 0; function gc var tmp = ; forlet i = 0;i...
Firefox 66.0.1 - Array.prototype.slice Buffer Overflow
Firefox 66.0.1 - Array.prototype.slice Buffer Overflow let size = 64; garr = ; j = 0; function gc var tmp = ; forlet i = 0;i...