A hidden WebAssembly bug in Firefox exposed 180 million users to potential code execution.