Single Typo in Firefox's JavaScript Engine Enables Remote Code Execution

A security researcher discovered that a single-character typo in Firefox’s JavaScript engine (SpiderMonkey) enabled remote code execution (RCE). The flaw involved an incorrect variable assignment in the Just-In-Time (JIT) compiler’s register allocation logic. This vulnerability was patched in Firefox 128 after being reported. The full technical details are documented in the linked blog post.