Mozilla issued a security advisory concerning a JavaScript register allocation vulnerability that could lead to type confusion and allow arbitrary read and write in Firefox and Firefox ESR.

This could ultimately result in remote code execution attacks being carried out inside the sandboxed content process when triggered.

Researchers described the issue as a vulnerability in which the “JavaScript JIT compiler inlines Array.prototype.push with multiple arguments,” resulting in the stack pointer being off by eight bytes after a bailout, according to the Oct. 2 advisory.


“This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process,” researchers said.

Last month Mozilla patched a set of critical memory safety bugs, some of which showed evidence of memory corruption and could be exploited for arbitrary code execution. The update also covered three high severity bugs, two of which were use-after-free vulnerabilities.