Jit

A critical JIT miscompilation vulnerability (CVE-2026-4698) in the JavaScript engine affects Firefox and Thunderbird, potentially leading to remote code execution.

A shellcode loader dubbed 'Lucky Pasta' employs JIT decryption, string obfuscation, dynamic library loading, fiber-based execution, and AES instruction patching to evade AV detection, retrieving shellcode via HTTP/HTTPS and executing it on Windows systems.