{"uuid": "70d93e11-ae4e-48a4-a105-83ad4eaf687e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8389", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116697621276964050", "content": "Somebody released a PoC for Firefox CVE-2026-8389, and it works.\nThe PoC doesn't include a sandbox escape, and claims that poc-win-sbx.html includes the escape.  This file was not shared in the repo.\nThe python server on localhost seems unnecessary, as the exploit web server can surely serve up primer.js the first time that payload.js is requested, and the actual payload.js the second time.  \ud83e\udd14", "creation_timestamp": "2026-06-05T12:59:48.629381Z"}