Lobsters is a community-driven platform for sharing and discussing links to articles, tutorials, and projects related to technology and programming. Readers can learn about a wide range of topics, from software development and system administration to cybersecurity and artificial intelligence. With user submissions, comments, and voting, Lobsters provides a platform for collaborative learning and knowledge sharing among technology enthusiasts.

Lobsters

A single-character typo in Firefox's SpiderMonkey WebAssembly GC implementation led to a critical remote code execution vulnerability. The bug involved using bitwise AND (&) instead of OR (|) when setting a forwarding pointer, causing out-of-line arrays to be misidentified as inline arrays. This created a use-after-free condition exploitable through heap spraying to achieve arbitrary read/write primitives and ultimately RCE in the Firefox renderer process. The vulnerability only affected Firefox 149 Nightly and was patched before reaching release versions.

How a single typo led to RCE in Firefox – kqx