Mozilla enables W^X in Firefox 46 to improve security
Mozilla enabled the security feature W^X in Firefox Nightly (currently version 46) and plans to make it available to other versions of its web browser once they are upgraded to version 46.
W^X, spoken Write XOR Execute, is a security policy for memory that defines memory pages as either writable or executable, but not both. The feature is present in the OpenBSD operating system since 2003.
The OpenBSD base system has been modified to comply with it. This alleviates some buffer overflow attacks, including the most common stack-based attack: by ensuring that the stack is not executable, arbitrary code injected into it will not execute but instead cause the program to terminate
Most JIT (Just in Time) compilers use RWX (read-write-execute) permissions for memory pages which allows the compiler to patch code without performance overhead. This is the case for Firefox's current JIT compiler, but also for Chrome's or Safari's compiler.
While most modern operating systems store code in executable but non-writable memory, RWX JIT code is an exception to this which makes it a target for attacks. In addition, memory corruption can be an issue as well.
Mozilla's implementation of W^X makes all JIT code pages non-writable by default. If the browser needs to write to pages, a function needs to be called to explicitly make the page writable and remove the execute flag at the same time.
Once the write operation has been run, its permissions are changed to read and execute once again.