Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
No PoCs from references.
- https://github.com/5211-yx/javascript_fuzzer
- https://github.com/TimerIzaya/fuzzilli-plus
- https://github.com/TimerIzaya/izayailli
- https://github.com/googleprojectzero/fuzzilli
- https://github.com/zhangjiahui-buaa/MasterThesis