That Firefox issue has now been resolved as WONTFIX.
This part of the closing comment by David Anderson might also be
interesting here on this list:
-----
The best path forward for JIT security is sandboxed content processes,
which is in progress for both Desktop Firefox and Firefox OS. Sandboxing
will greatly reduce the threat of JIT exploits, and it's unlikely any
other solution will be as effective. For Desktop, it's part of the
Electrolysis effort:
[1]
https://wiki.mozilla.org/FoxInABox
[2]
https://wiki.mozilla.org/Electrolysis
-----
Cheers,
Andreas
---
Andreas Kuckartz:
> The security of Firefox/Iceweasel is important for the security of Tails.
>
> I therefore suggest to have a look at this old unresolved Firefox issue
> and vote for it. Years ago people working for RedHat spent a lot of time
> to create a patch which does not yet seem to have been applied.
> Resolving the issue would make Firefox more secure (even when SELinux is
> not used):
>
> SELinux is preventing JIT from changing memory segment access
> https://bugzilla.mozilla.org/show_bug.cgi?id=506693
>
> Cheers,
> Andreas
