CVE-2025-4919: Corruption via Math Space in Mozilla Firefox
ID: 5237aa18-84e1-5066-b938-7752f466f198
STIX ID: report--5237aa18-84e1-5066-b938-7752f466f198
Feed Name: Zero Day Initiative (ZDI) Blog
**Executive summary:** The report details a high-quality bounds-check elimination bug in a JavaScript engine's JIT/RangeAnalysis that, when combined with large typed-array allocations, enables controlled out-of-bounds reads and writes. The author describes gaining addrOf and fakeObj primitives by corrupting Map pointers, building fake objects and overlapping ArrayBuffers to achieve arbitrary read/write, and using WASM-embedded shellcode to obtain code execution; a public demo and Pwn2Own disclosure are referenced.
