Closed Bug 758355 Opened 13 years ago Closed 8 years ago

Address space randomization (PIE) is not enabled on OS X

Categories

(Firefox Build System :: General, defect)

All
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1290675

People

(Reporter: espindola, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-want)

Running on 10.7. Both the 64 bit flags

-------------------------------
otool -hv ~/t/FirefoxNightly.app/Contents/MacOS/firefox
/Users/espindola/t/FirefoxNightly.app/Contents/MacOS/firefox:
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    20       2552   NOUNDEFS DYLDLINK TWOLEVEL
------------------------------

and the 32 bit flags:

------------------------------
otool -arch i386 -hv ~/t/FirefoxNightly.app/Contents/MacOS/firefox
/Users/espindola/t/FirefoxNightly.app/Contents/MacOS/firefox:
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
   MH_MAGIC    I386        ALL  0x00     EXECUTE    20       2052   NOUNDEFS DYLDLINK TWOLEVEL MH_NO_HEAP_EXECUTION
-----------------------------

are missing PIE, which is set both in chrome and safari.
Note that PIE is less important in firefox than it is in chrome, because the firefox binary is mostly a stub, and all the code actually running is in dynamically loaded libraries.
(In reply to Mike Hommey [:glandium] from comment #1)
> Note that PIE is less important in firefox than it is in chrome, because the
> firefox binary is mostly a stub, and all the code actually running is in
> dynamically loaded libraries.

Note this is also true on windows, but not on linux, where the binary also contains e.g. memory allocation functions.
Keywords: sec-want
Group: core-security → core-security-release
Firefox 46 is still not PIE. Also, Firefox enables MH_NO_HEAP_EXECUTION for i386 but not x86_64. Chrome enables MH_NO_HEAP_EXECUTION for x86_64.

otool -hv /Applications/Firefox.app/Contents/MacOS/firefox
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    22       2752   NOUNDEFS DYLDLINK TWOLEVEL BINDS_TO_WEAK

otool -arch i386 -hv /Applications/Firefox.app/Contents/MacOS/firefox
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
   MH_MAGIC    I386        ALL  0x00     EXECUTE    22       2164   NOUNDEFS DYLDLINK TWOLEVEL BINDS_TO_WEAK MH_NO_HEAP_EXECUTION

otool -hv /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    24       2376   NOUNDEFS DYLDLINK TWOLEVEL PIE MH_NO_HEAP_EXECUTION

otool -hv /Applications/Safari.app/Contents/MacOS/Safari
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    18       1320   NOUNDEFS DYLDLINK TWOLEVEL PIE
Hardware: x86 → All
Summary: Address space randomization is not enabled on OS X → Address space randomization (PIE) is not enabled on OS X
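The otool listings in the comments above are read straight from the flags word of the Mach-O header. The script below is an added example written for this page, not Mozilla's, Google's or Apple's code and not part of the bug: it parses the same header fields directly (thin and fat binaries, one slice per architecture) and reports whether MH_PIE and MH_NO_HEAP_EXECUTION are set, so the check can run on any platform where otool is unavailable. The two sample binaries it audits are constructed inside the script to mirror the flag combinations quoted in the comments (bare headers with no load commands; they are assumed layouts, not real Firefox or Chrome builds).

```python
"""Audit Mach-O executables for the MH_PIE and MH_NO_HEAP_EXECUTION header flags.

Added example (not Mozilla's code): a pure-Python reader for the fields that
`otool -hv` prints, usable on any platform.
"""
import struct
import sys

# Magic numbers and flag bits from <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE   # byte-swapped forms
FAT_MAGIC = 0xCAFEBABE                            # fat headers are always big-endian
MH_EXECUTE = 2
CPU_TYPE_X86, CPU_TYPE_X86_64 = 7, 0x01000007     # X86_64 = X86 | CPU_ARCH_ABI64
MH_PIE = 0x200000
MH_NO_HEAP_EXECUTION = 0x1000000
FLAG_NAMES = {
    0x1: "NOUNDEFS", 0x4: "DYLDLINK", 0x80: "TWOLEVEL",
    0x10000: "BINDS_TO_WEAK", MH_PIE: "PIE",
    MH_NO_HEAP_EXECUTION: "MH_NO_HEAP_EXECUTION",
}
ARCH_NAMES = {CPU_TYPE_X86: "I386", CPU_TYPE_X86_64: "X86_64"}


def slice_offsets(data):
    """Return the file offset of every Mach-O header in `data`.

    A fat (universal) binary carries one header per architecture, located via
    the big-endian fat_arch table; a thin binary has exactly one at offset 0.
    """
    if struct.unpack_from(">I", data, 0)[0] != FAT_MAGIC:
        return [0]
    nfat_arch = struct.unpack_from(">I", data, 4)[0]
    offsets = []
    for i in range(nfat_arch):
        # struct fat_arch: cputype, cpusubtype, offset, size, align (20 bytes)
        _, _, offset, _, _ = struct.unpack_from(">IIIII", data, 8 + 20 * i)
        offsets.append(offset)
    return offsets


def read_header(data, offset):
    """Parse one mach_header / mach_header_64; return (cputype, filetype, flags)."""
    magic = struct.unpack_from("<I", data, offset)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"                     # header written little-endian (x86)
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = ">"                     # header written big-endian
    else:
        raise ValueError("no Mach-O header at offset 0x%x" % offset)
    # Common prefix of both header layouts: magic, cputype, cpusubtype,
    # filetype, ncmds, sizeofcmds, flags (the 64-bit form adds a reserved word).
    _, cputype, _, filetype, _, _, flags = struct.unpack_from(
        endian + "IIIIIII", data, offset)
    return cputype, filetype, flags


def audit(data):
    """Report PIE / heap-execution status for every slice in a Mach-O image."""
    results = []
    for offset in slice_offsets(data):
        cputype, filetype, flags = read_header(data, offset)
        results.append({
            "arch": ARCH_NAMES.get(cputype, hex(cputype)),
            # MH_PIE is only meaningful on MH_EXECUTE images; dylibs are
            # position-independent by construction and never carry it.
            "executable": filetype == MH_EXECUTE,
            "pie": bool(flags & MH_PIE),
            "no_heap_execution": bool(flags & MH_NO_HEAP_EXECUTION),
            "flags": [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit],
        })
    return results


# ---- constructed samples (assumed layouts, not real builds) -----------------
def build_header(cputype, flags):
    """Constructed: a bare executable header with the given flags, no load commands."""
    if cputype & 0x01000000:             # CPU_ARCH_ABI64 -> mach_header_64
        return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0x80000003,
                           MH_EXECUTE, 0, 0, flags, 0)
    return struct.pack("<IIIIIII", MH_MAGIC, cputype, 3, MH_EXECUTE, 0, 0, flags)


def build_fat(slices):
    """Constructed: wrap thin slices in a fat header, one slice per 4 KiB page."""
    data = bytearray(4096 * (len(slices) + 1))
    struct.pack_into(">II", data, 0, FAT_MAGIC, len(slices))
    for i, (cputype, blob) in enumerate(slices):
        offset = 4096 * (i + 1)
        struct.pack_into(">IIIII", data, 8 + 20 * i, cputype, 3, offset, len(blob), 12)
        data[offset:offset + len(blob)] = blob
    return bytes(data)


BASE_FLAGS = 0x1 | 0x4 | 0x80            # NOUNDEFS DYLDLINK TWOLEVEL
# Mirrors the Firefox listing: x86_64 without PIE, i386 with MH_NO_HEAP_EXECUTION.
FIREFOX_LIKE = build_fat([
    (CPU_TYPE_X86_64, build_header(CPU_TYPE_X86_64, BASE_FLAGS)),
    (CPU_TYPE_X86, build_header(CPU_TYPE_X86, BASE_FLAGS | MH_NO_HEAP_EXECUTION)),
])
# Mirrors the Chrome listing: x86_64 with both PIE and MH_NO_HEAP_EXECUTION.
CHROME_LIKE = build_header(CPU_TYPE_X86_64, BASE_FLAGS | MH_PIE | MH_NO_HEAP_EXECUTION)

if __name__ == "__main__":
    if len(sys.argv) > 1:                # audit a real file: python audit.py /path/to/binary
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = FIREFOX_LIKE
    for r in audit(data):
        print("%-7s %-7s %s" % (r["arch"], "PIE" if r["pie"] else "NO PIE",
                                " ".join(r["flags"])))
```

Run with a path to audit an on-disk binary; without arguments it audits the constructed Firefox-like sample and prints one line per slice. The fat table is decoded big-endian regardless of host, while each embedded header's own magic decides its endianness, which is the detail that trips up naive readers that assume a single byte order.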
From https://dxr.mozilla.org/mozilla-central/source/build/autoconf/compiler-opts.m4#335-337:

# On OSX, the linker defaults to building PIE programs when targetting OSX 10.7+,
# but not when targetting OSX < 10.7. OSX < 10.7 doesn't support running PIE
# programs, so as long as support for OSX 10.6 is kept, we can't build PIE.
As for MH_NO_HEAP_EXECUTION: https://dxr.mozilla.org/mozilla-central/source/configure.in#2031-2032:

With newer linkers we need to pass -allow_heap_execute because of Microsoft Silverlight (5.1.10411.0 at least).
(In reply to Mike Hommey [:glandium] from comment #5)
> As for MH_NO_HEAP_EXECUTION:
> https://dxr.mozilla.org/mozilla-central/source/configure.in#2031-2032:
> With newer linkers we need to pass -allow_heap_execute because of
> Microsoft Silverlight (5.1.10411.0 at least).

This comes from bug 753248.
Also note comment 1 still applies.
We don't support 10.6 anymore (and I think we're also dropping Silverlight support in 53), so we could move forward on this now, right? Comment 1 notwithstanding, of course.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Product: Core → Firefox Build System
Group: core-security-release