The article describes a successful exploit against Firefox involving an out-of-bounds write vulnerability within the `Promise.allSettled` function, leading to remote code execution. The article does not provide a CVSS score, specific affected version ranges, a fixed version number, or any workarounds.
Learn hacking (ad): https://www.hextree.io We talk to Manfred Paul and learn about his research process. We also dive into the technical details about his JIT bug and learn about the optimization he exploited. part 1: https://www.youtube.com/watch?v=YQEq5s4SRxY part 2: https://www.youtube.com/watch?v=uXW_1hepfT4 (Spoilers) Firefox Security Response to pwn2own 2025: https://blog.mozilla.org/security/2025/05/17/firefox-security-response-to-pwn2own-2025/ =[ ❤️ Support ]= → My courses: https://www.hextree.io/ → My font: https://shop.liveoverflow.com/ → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join 2nd Channel: https://www.youtube.com/LiveUnderflow =[ 🐕 Social ]= → LinkedIn: https://www.linkedin.com/in/liveoverflow → X / Twitter: https://x.com/LiveOverflow/ → Instagram: https://instagram.com/LiveOverflow/ → Streaming: https://twitch.tv/LiveOverflow/ → TikTok: https://www.tiktok.com/@liveoverflow_ → Blog: https://liveoverflow.com/