What is the point of PAX when a lot of high-risk programs (which Firefox undoubtedly is) have mprotect disabled by default? Reproducible: Always Steps to Reproduce: 1. paxctl-ng -M /usr/lib64/firefox/firefox 2. $ firefox Actual Results: Segmentation fault Expected Results: Firefox sans JIT. I've tried putting --disable-ion into the ebuild, but the build fails after trying to precompile startup cache. IonMonkey is Firefox's JIT compiler and according to https://wiki.mozilla.org/IonMonkey I went digging and discovered that jit could be disabled in the old ebuilds (45* era). Why was this option removed?
Created attachment 513846 [details, diff] firefox-52.5.2.patch Attempt #1 at turning off JIT.
Cannot attach build log: "The file at https://bugs.gentoo.org/attachment.cgi is not readable.". "... IonMonkey is Firefox's JIT compiler and according to https://wiki.mozilla.org/IonMonkey" --disable-ion disables it.
Please feel free to reopen and update any bug report that can be duplicated with current esr builds, 60.x. If you feel your feature needs to be re looked at in any of these bugs reopen and update, please attach patches when appropriate. Thank you Mozilla Team