Type confusion
A transient execution vulnerability, named Floating Point Value Injection FPVI allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox.. This vulnerability...