CVE-2023-25746

Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 102.8 and Firefox ESR 102.8...

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit

/ Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...

Mozilla Spidermonkey - IonMonkey (Array.prototype.pop) Type Confusion Exploit

The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: 1, a: 2, a: 3, a: 4; function v7v8,v9 if v4.length == 0 v43 = a: 5; ...