How a single typo led to RCE in Firefox
Summary
This is a detailed security write-up by Erge describing a single-typo bug in the Wasm GC implementation of SpiderMonkey, Firefox's JavaScript engine, that allows code execution in the renderer. It covers the vulnerable commit, the difference between inline and out-of-line Wasm array data, a proof of concept (PoC) leading to crashes and a use-after-free (UAF), root cause analysis, an exploit chain, and a disclosure timeline. The piece highlights rapid disclosure and practical extraction techniques in a real-world browser security context.