Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak
Posted on 28 May 2019
Spidermonkey IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption.
