An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.
Mozilla Foundation Security Advisory 2024-18
Security Vulnerabilities fixed in Firefox 125
Announced
April 16, 2024
Impact
high
Products
Firefox
Fixed in
Firefox 125
...