[meta] Make JIT Spraying implausible
Categories
(Core :: JavaScript Engine: JIT, enhancement, P3)
People
(Reporter: nbp, Unassigned)
References
(Depends on 7 open bugs, Blocks 2 open bugs)
Details
(Keywords: meta)
Recently, Bug 1835876 moved SpiderMonkey back to RWX instead of W^X, because one of the more common attack patterns is to induce the JIT engine to produce attacker-controlled code by embedding it in numerical constants or in generated code placed in the RWX region. This attack, called JIT Spraying, is not affected by the W^X restriction, so the performance cost of the restriction was judged not worth it while this attack is common, easy to implement, and ignores the mitigation.
JIT Spraying relies on knowing two things: the location and the content of the generated code.
The mitigations implemented as part of this project focus on making the generated assembly code both hard to guess (randomized relative locations) and hard to read (eXecutable-Only pages).
This meta bug tracks every bug dealing with the implementation and evaluation of the JIT Spraying mitigation in SpiderMonkey.
Comment 1 (Reporter, 2 months ago)
A prototype got made as a fork of Firefox: https://github.com/nbp/gecko-dev/tree/bugzilla_1886557_prototype
Due to the lack of support for X-only pages on Windows and LTS versions of Linux Distributions today, this project awaits future decisions.
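The execute-only ("hard to read") half of the mitigation described in the bug only works where the kernel and CPU actually enforce PROT_EXEC without PROT_READ, which is the platform-support gap comment 1 refers to. The probe below is an added example, not code from this bug, from the prototype branch or from SpiderMonkey: it maps one anonymous page, switches it to PROT_EXEC only, and reports whether a plain data read from it faults. The function names read_faults_with_prot and xom_supported are assumed names chosen for this example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Jump target used to recover from the fault the probe deliberately triggers. */
static sigjmp_buf probe_env;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(probe_env, 1);
}

/* Map one anonymous page, set it to `prot`, and attempt a single data read.
 * Returns 1 if the read faulted, 0 if it succeeded, -1 if the setup failed.
 * (Hypothetical helper written for this example.) */
int read_faults_with_prot(int prot) {
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) return -1;
    unsigned char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    if (mprotect(page, (size_t)pagesz, prot) != 0) {
        munmap(page, (size_t)pagesz);
        return -1;
    }

    /* Temporarily catch the fault: a read of an execute-only page raises
     * SIGSEGV (SIGBUS on some systems). */
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int faulted = 0;
    if (sigsetjmp(probe_env, 1) == 0) {
        volatile unsigned char *p = page; /* volatile so the read is not optimised away */
        unsigned char v = *p;
        (void)v;
        faulted = 0;
    } else {
        faulted = 1; /* reached via siglongjmp from on_fault */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, (size_t)pagesz);
    return faulted;
}

/* 1 = execute-only pages are enforced on this kernel/CPU,
 * 0 = PROT_EXEC still permits data reads, -1 = could not probe. */
int xom_supported(void) {
    return read_faults_with_prot(PROT_EXEC);
}

int main(void) {
    printf("read of an RX page faults: %d\n", read_faults_with_prot(PROT_READ | PROT_EXEC));
    printf("read of an X-only page faults (XOM enforced): %d\n", xom_supported());
    return 0;
}
```

A readable+executable page must always return 0; the PROT_EXEC-only result is what varies by platform. On x86-64 Linux without hardware support for execute-only mappings, PROT_EXEC typically still implies readability, so the probe returns 0 and JIT code remains readable to an attacker with a read primitive; on platforms that enforce execute-only user pages (AArch64 Linux, for instance) it returns 1. A result of -1 means the host would not even grant the requested protection, which is also worth knowing before relying on this mitigation.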