### Security Approval Request * **How easily could an exploit be constructed based on the patch?**: The exploiter would need an intimate understanding of the recently landed code for indirect wasm calls, but given that i think the patch strongly hints at what's going on. The test case would certainly aid exploit construction; I can remove it and land it later. * **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: Yes * **Which older supported branches are affected by this flaw?**: FF96 * **If not all supported branches, which bug introduced the flaw?**: Bug 1742053 * **Do you have backports for the affected branches?**: Yes * **If not, how different, hard to create, and risky will they be?**: * **How likely is this patch to cause regressions; how much testing does it need?**: Does not need manual testing; unlikely to cause problems.
Bug 1745170 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
### Security Approval Request * **How easily could an exploit be constructed based on the patch?**: The exploiter would need an intimate understanding of the recently landed code for indirect wasm calls, but given that i think the patch hints clearly at what's going on. From there to an exploit takes a little thinking but not too much. (The test case is worse, but I've removed it to a different patch.) * **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: Maybe * **Which older supported branches are affected by this flaw?**: FF96 * **If not all supported branches, which bug introduced the flaw?**: Bug 1742053 * **Do you have backports for the affected branches?**: Yes * **If not, how different, hard to create, and risky will they be?**: * **How likely is this patch to cause regressions; how much testing does it need?**: Does not need manual testing; unlikely to cause problems.