Fuzzing JavaScript Engines by Fusing JavaScript and WebAssembly
JavaScript engines are a fundamental part of modern browsers, and many efforts have been invested in testing them to enhance their security. However, the incorporation of WebAssembly into JavaScript engines introduces new attack surfaces that have not received sufficient attention. Existing fuzzers for JavaScript engines primarily focus on JavaScript, neglecting WebAssembly code and its interactions with JavaScript. We introduce Mad-Eye, the first fuzzer that can test the JavaScript-WebAssembly interaction using a novel cross-language code fusion technique. Evaluations of Mad-Eye on V8, SpiderMonkey, and JavaScriptCore detected 21 previously unknown vulnerabilities, with 18 confirmed and 13 fixed and merged into mainstream browsers; the browser vendors acknowledged our reports with vulnerability bounties.
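The abstract speaks of "the JavaScript-WebAssembly interaction" as the surface that existing fuzzers leave untested. The following is an added illustration, not code from the Mad-Eye paper or from any of the engines it evaluates: a WebAssembly module assembled by hand as bytes (so it runs offline in any engine that exposes the `WebAssembly` API, such as Node.js) and JavaScript that drives it across the boundary in several ways. It shows three of the crossing points a fuzzer must exercise: JavaScript calling a Wasm export with values that need coercion (including an object whose `valueOf` runs JavaScript in the middle of argument conversion), Wasm calling back into a JavaScript import, and a JavaScript exception unwinding through Wasm frames. The module layout, the `env.log` import name and the `add` export name are choices made for this example.

```javascript
// Added example: hand-assembled Wasm module plus the JavaScript that drives it,
// to illustrate the JS <-> Wasm interaction points an engine fuzzer must cover.
// Not code from the Mad-Eye paper; module layout and names are this example's own.

// Binary for:  (import "env" "log" (func (param i32)))
//              (func (export "add") (param i32 i32) (result i32)
//                 local.get 0 local.get 1 i32.add call $log
//                 local.get 0 local.get 1 i32.add)
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic + version
  // type section: type 0 = (i32,i32)->i32, type 1 = (i32)->()
  0x01, 0x0b, 0x02, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f, 0x60, 0x01, 0x7f, 0x00,
  // import section: "env"."log" as function of type 1 (becomes func index 0)
  0x02, 0x0b, 0x01, 0x03, 0x65, 0x6e, 0x76, 0x03, 0x6c, 0x6f, 0x67, 0x00, 0x01,
  // function section: one defined function of type 0 (func index 1)
  0x03, 0x02, 0x01, 0x00,
  // export section: "add" -> func index 1
  0x07, 0x07, 0x01, 0x03, 0x61, 0x64, 0x64, 0x00, 0x01,
  // code section: one body, no locals
  0x0a, 0x10, 0x01, 0x0e, 0x00,
  0x20, 0x00, 0x20, 0x01, 0x6a, 0x10, 0x00,                   // a+b; call log
  0x20, 0x00, 0x20, 0x01, 0x6a, 0x0b,                         // a+b; end
]);

// Compile and instantiate synchronously (fine for a module this small) with a
// caller-supplied JavaScript function bound to the Wasm import.
function instantiate(logSink) {
  const module = new WebAssembly.Module(WASM_BYTES);
  return new WebAssembly.Instance(module, { env: { log: logSink } });
}

// Exercise the boundary in both directions and record what crossed it.
function runInteractions() {
  const seen = [];                       // values observed by the JS import
  const { exports } = instantiate((v) => { seen.push(v); });

  // JS -> Wasm with plain numbers; Wasm -> JS via the import.
  const plain = exports.add(2, 3);       // 5

  // Arguments are coerced with ToInt32 before the call, so a string and an
  // object with valueOf() both work; valueOf runs JS *during* the transition.
  const coerced = exports.add("7", { valueOf() { seen.push("valueOf"); return 8; } });  // 15

  // i32 arithmetic wraps: 0x7fffffff + 1 comes back to JS as -2147483648.
  const wrapped = exports.add(0x7fffffff, 1);

  // An exception thrown by the JS import unwinds through the Wasm frame and is
  // catchable by the JS caller with its type intact.
  let thrown = null;
  const throwing = instantiate(() => { throw new RangeError("from JS import"); });
  try { throwing.exports.add(1, 1); } catch (e) { thrown = e.name; }

  return { plain, coerced, wrapped, seen, thrown };
}

// Stand-alone run.
console.log(runInteractions());
```

Each of the recorded values marks a place where engine-internal state changes hands between the two runtimes (argument conversion, the import trampoline, exception unwinding); a fuzzer that generates only JavaScript never reaches the Wasm side of these transitions, which is the gap the abstract describes.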