Abstract: JavaScript engine vulnerabilities caused by language features is one of the important threats to the security of today’s software. Attackers often use JavaScript engine vulnerabilities to demonstrate remote code execution and gain controllability of the operating system. This paper introduces the basic information of the JavaScript engine, classifies the vulnerabilities that often appear in the engine, and summarizes the basic steps and development of static and dynamic analysis methods. Then it proposes the basic framework for detecting vulnerabilities in JavaScript engines, and discusses the detection efficiency, bottlenecks and possible solutions. At last, it points out future trends and some issues.

Key words: JavaScript engine vulnerability detection, type confusion, static analysis, fuzzing

摘要： 由于语言特性导致的JavaScript引擎漏洞是当今应用软件软件安全的重要威胁之一，攻击者通常间接利用JavaScript引擎漏洞造成远程命令执行，获得系统的控制权。介绍了引擎的基本信息，对引擎中经常出现的漏洞进行了分类，分别综述了静态和动态分析检测的基本步骤和发展脉络，提出了针对JavaScript引擎漏洞的检测基本框架，讨论了制约检测效率瓶颈问题以及可能的解决方法，结合最新的技术应用指出了未来的发展趋势和亟待解决的问题。

关键词: JavaScript引擎漏洞检测, 类型混淆, 静态分析, 模糊测试