EIP-2026-103578

PRE-CVE

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103578. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a flaw in Spidermonkey's definite property analysis, where uninitialized memory is read due to incorrect handling of property access in catch blocks. It can lead to memory corruption or assertion failures in Firefox with unboxed objects enabled.

Description

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · javascriptdosmultiple
https://www.exploit-db.com/exploits/47085

This exploit demonstrates a flaw in Spidermonkey's definite property analysis, where uninitialized memory is read due to incorrect handling of property access in catch blocks. It can lead to memory corruption or assertion failures in Firefox with unboxed objects enabled.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Firefox 66.0.3 (with unboxed objects enabled)
No auth needed
Prerequisites: Firefox with `javascript.options.unboxed_objects` enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026