wdormann@infosec.exchange

@wdormann@infosec.exchange

Posts


  • Somebody released a PoC for Firefox CVE-2026-8389, and it works.
    wdormann@infosec.exchange

    Somebody released a PoC for Firefox CVE-2026-8389, and it works.

    The PoC doesn't include a sandbox escape, and claims that poc-win-sbx.html includes the escape. This file was not shared in the repo.

    The python server on localhost seems unnecessary, as the exploit web server can surely serve up primer.js the first time that payload.js is requested, and the actual payload.js the second time. 🤔

    Uncategorized

  • https://access.redhat.com/security/cve/cve-2026-10840
    wdormann@infosec.exchange

    @FritzAdalis @cR0w

    Uncategorized

  • https://access.redhat.com/security/cve/cve-2026-10840
    wdormann@infosec.exchange

    @cR0w
    "Don't have YouTube"...
    YouTube is a website?

    Uncategorized

  • https://access.redhat.com/security/cve/cve-2026-10840
    wdormann@infosec.exchange

    @cR0w
    https://www.youtube.com/watch?v=aW2LvQUcwqc

    Uncategorized

  • An 8TB hard drive that was $129.99 a year ago is now $299.99.
    wdormann@infosec.exchange

    An 8TB hard drive that was $129.99 a year ago is now $299.99.

    Thanks, AI. You're really making the world a better place.

    Uncategorized

  • In preparation for an upcoming blog post, I wondered about the various ways that Windows can refer to a remote WebDAV resource.
    wdormann@infosec.exchange

    @GossiTheDog
    At least in my case, that's covered by the \\example.com\pwned.exe case.

    Uncategorized

  • In preparation for an upcoming blog post, I wondered about the various ways that Windows can refer to a remote WebDAV resource.
    wdormann@infosec.exchange

    In preparation for an upcoming blog post, I wondered about the various ways that Windows can refer to a remote WebDAV resource.

    These all work:

    \\example.com\pwned.exe
    \/example.com\pwned.exe
    file://example.com\pwned.exe
    file:/\example.com\pwned.exe
    file:\/example.com\pwned.exe
    file:\\example.com\pwned.exe
    file:////example.com\pwned.exe
    file:///\example.com\pwned.exe
    file://\/example.com\pwned.exe
    file://\\example.com\pwned.exe
    file:/\//example.com\pwned.exe
    file:/\/\example.com\pwned.exe
    file:/\\/example.com\pwned.exe
    file:/\\\example.com\pwned.exe
    file:\///example.com\pwned.exe
    file:\//\example.com\pwned.exe
    file:\/\/example.com\pwned.exe
    file:\/\\example.com\pwned.exe
    file:\\//example.com\pwned.exe
    file:\\/\example.com\pwned.exe
    file:\\\/example.com\pwned.exe
    file:\\\\example.com\pwned.exe

    These don't, presumably because Windows treats the leading / as meaning it comes from the local filesystem:

    //example.com\pwned.exe
    /\example.com\pwned.exe
    Uncategorized
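
Added example, not part of the original post: a Python matcher for exactly the reference forms listed above, for flagging them in links, shortcut targets or logs. The function names, the constructed sample lines and the case-insensitive scheme match are assumptions made here; forms the post does not list are left unclassified.

```python
import re
from itertools import product

# Matches only the forms the post reports as working:
#   no scheme:    a leading backslash, then either slash
#   file: scheme: exactly two or four slashes of either kind
# Assumption: the scheme is matched case-insensitively.
REMOTE_FORM = re.compile(
    r"""^(?:
          \\[\\/]
        | file:[\\/]{2}(?:[\\/]{2})?
        )
        (?P<host>[^\\/\s]+)     # host runs up to the next slash
        [\\/](?P<path>\S.*)$""",
    re.IGNORECASE | re.VERBOSE,
)

def remote_target(ref):
    """Return (host, path) if ref is one of the listed remote forms, else None."""
    m = REMOTE_FORM.match(ref)
    return (m.group("host"), m.group("path")) if m else None

def listed_remote_forms(host="example.com", path="pwned.exe"):
    """Rebuild the post's 22 working forms from their slash pattern."""
    tail = host + "\\" + path
    forms = ["\\\\" + tail, "\\/" + tail]
    for n in (2, 4):
        forms += ["file:" + "".join(p) + tail for p in product("\\/", repeat=n)]
    return forms

# The two forms the post reports as not working.
NOT_REMOTE = [r"//example.com\pwned.exe", r"/\example.com\pwned.exe"]

def find_remote_refs(lines):
    """Return (line_no, host, path) for every token that matches a listed form."""
    hits = []
    for no, line in enumerate(lines, 1):
        for token in re.split(r"""[\s="'<>]+""", line):
            target = remote_target(token)
            if target:
                hits.append((no, *target))
    return hits

# Constructed sample input, not taken from any real file or log.
SAMPLE = [
    r"open file:\/\/example.com\pwned.exe now",
    r'href="/\example.com\pwned.exe"',
    r"Target=\\example.com\pwned.exe",
    r"C:\Windows\notepad.exe",
]
```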

  • Once in a blue moon, I see something on Temu that I might consider buying.
    wdormann@infosec.exchange

    Once in a blue moon, I see something on Temu that I might consider buying.

    And then I'm bombarded by spinning wheels that land on "one more spin", and then "(up to) 100% off", explosions, confetti, yelling in ALL CAPS, required app install with notifications. At which point I power off my phone and go outside.

    I'm afraid to ask if there is a customer base out there that enjoys this sort of stuff, or if it's merely willing to put up with it to maybe get a good deal. Surely it's the former, as otherwise why would the company subject potential customers to it? 🤦‍♂️

    Uncategorized

  • Tired of Linux LPEs? Good.
    wdormann@infosec.exchange

    CIFSwitch has been assigned CVE-2026-46243.

    Uncategorized

  • GenAI is going great (this is real)
    wdormann@infosec.exchange

    @GossiTheDog
    They're on to you.

    Uncategorized

  • GenAI is going great (this is real)
    wdormann@infosec.exchange

    @GossiTheDog
    It's weird that something can be on the internet and also be incorrect. 🤔

    Uncategorized

  • LOL.
    wdormann@infosec.exchange

    @sysop408
    You mean Outlook (classic) or Outlook (new)? 😂

    Uncategorized

  • LOL.
    wdormann@infosec.exchange

    @autinerd
    How can one have an HTML email without mso-element support? 😂

    Uncategorized

  • LOL.
    wdormann@infosec.exchange

    @Taco_lad @scottwilson
    I think that wwlib.dll (Microsoft Word) was independently developed from IE or any of the other web engines that may be present on Windows.

    Uncategorized

  • LOL.
    wdormann@infosec.exchange

    I'm no expert, but I get the impression that Microsoft Word is perhaps not the best choice for rendering HTML content.

    But what else is Outlook supposed to use to render HTML emails? 😂

    Uncategorized

  • LOL.
    wdormann@infosec.exchange

    LOL. From over at the bad site:

    An HTML email will crash Outlook.

    Granted, it's "harmless" (stack overflow (exhaustion)), but I dunno... I sort of expect the act of rendering an HTML email that uses CSS to not crash my mail client?

    Uncategorized

  • Android user who is done using the flashlight presses what button?
    wdormann@infosec.exchange

    Bonus points:
    Tapping anywhere else on the screen does the exact same thing as the Done button (the flashlight stays on but you see the rest of Android).

    Wonders:
    1) Did they have anyone other than the developer use this dialog before deploying it to the masses?
    2) Why does the Done button even exist?

    Uncategorized

  • Android user who is done using the flashlight presses what button?
    wdormann@infosec.exchange

    Android user who is done using the flashlight presses what button?

    Uncategorized

  • Tired of Linux LPEs? Good.
    wdormann@infosec.exchange

    Tired of Linux LPEs?
    Good.

    CIFSwitch is for you. It's not quite as universal as recent ones (distro compatibility table), but it works.

    No CVE, as it seems that we don't do CVEs so much these days.

    It's patched in the kernel on May 19, but who knows who is protected. (See comment about no CVE)

    Uncategorized

  • The openSUSE peeps have figured out some crazy compression, it seems.
    wdormann@infosec.exchange

    The openSUSE peeps have figured out some crazy compression, it seems. 107.0 B for everything!

    Uncategorized