<![CDATA[Somebody released a PoC for Firefox CVE-2026-8389, and it works.]]>

<![CDATA[Somebody released a PoC for Firefox CVE-2026-8389, and it works.]]>Somebody released a PoC for Firefox CVE-2026-8389, and it works.

The PoC doesn't include a sandbox escape, and claims that poc-win-sbx.html includes the escape. This file was not shared in the repo.

The python server on localhost seems unnecessary, as the exploit web server can surely serve up primer.js the first time that payload.js is requested, and the actual payload.js the second time.

]]>https://board.circlewithadot.net/topic/2aa0db10-4688-4e62-8315-79ce274aece7/somebody-released-a-poc-for-firefox-cve-2026-8389-and-it-works.RSS for NodeFri, 05 Jun 2026 17:37:24 GMTFri, 05 Jun 2026 12:59:47 GMT60