Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak
Posted by deepcore on May 29, 2019 – 9:30 am
Spidermonkey IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption.
Post a reply
You must be logged in to post a comment.