Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).
Two boot looped, I had to enter recovery and the other just powered off [0].
Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.
Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.
Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).
Two boot looped, I had to enter recovery and the other just powered off [0].
Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.
Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.
[0] IonStack https://rootme.nebusec.ai
fwiw, the firefox vulnerability seems to be CVE-2026-10702 (type confusion in the ionmonkey jit compiler): https://www.sentinelone.com/vulnerability-database/cve-2026-...
Forgot to include "LPE" (local...) in the title so most of us can get back to weekending.
they also found a type confusion in firefox/ionmonkey, so you can go from random website to pwned very quickly.
Since this enables container escape, sounds like this might still impact quite a lot of us?
>Google has rewarded us $92,337 in kernelCTF
I'm all ears now
Seems low considering the wide impact, but maybe the only thing corporations throw big money at is remote exploits?
That's a huge amount of money for a vulnerability.
Daaaaamn: "GhostLock was introduced in Linux 2.6.39 and fixed in Linux 7.1."
dupe of https://news.ycombinator.com/item?id=48834309
upvoted your submission!
isn't that the worst, when you post a breaking story first and someone else's dupe hits front page? upvoted your original :)
Also https://news.ycombinator.com/item?id=48826404
A what?
Use after free?