> this is probably a mitigating control which would make exploit development much harder in case an exploit chain attempted to leverage one of those RWX areas for execution

This didn't pass the sniff test for me - this doesn't do anything to protect existing RWX regions, and a theoretical attacker that has the ability to inject arbitrary DLLs into the browser process already has access far beyond what the browser could protect.

Fortunately, because the browser in question (Firefox) is open source, we can find the change that added this code. This is a bit of a pain because the file has been renamed twice, but here it is: https://hg.mozilla.org/mozilla-central/rev/7d2e74c69253e57fd7569d1e969959c5f2a36663

And if we read the associated bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1322554) we can see this is described as a "policy decision", and this entire section of the code isn't exploit mitigation, but rather intended to block broken third-party programs from injecting their buggy and poorly written DLLs into Firefox and causing bugs that users report to Mozilla.