FFFFirefox - A One-Day Wonder Renderer Exploit

Backstory

I built this for Pwn2Own Berlin 2026 as a renderer RCE entry against Firefox 150. The bug interestingly survived Mozilla's 423 (!) April security patch, but finally got killed in 150.0.3 as a last-minute fix.

This is tracked as CVE-2026-8390, and credit for the original report goes to OpenAI Preparedness, Bill Demirkapi. Publishing this just to show off and give the exploit a proper goodbye.

demo.mp4

The bug

The interaction between Ion's array.copy lowering and the OOL storage path of wasm-GC arrays results in a use-after-free.

Ion caches the source data_ pointer across a runtime call into WasmArrayRefsMove while dropping the source array object from the frame.

So a minor GC inside that window frees the OOL block, and the spray reclaims the freed memory as AnyRef values.

With addrof and fakeobj primitives, the remaining parts are straightforward and well covered online. Build AAR / AAW, then pivot to JIT shellcode execution.

Repro

  1. Run a web server serving the given index.html file (e.g. python3 -m http.server 8000)

  2. Start Firefox with set MOZ_DISABLE_CONTENT_SANDBOX=1

  3. Browse to http://<attacker-ip>:8000

The expected result is calc.exe launching as a result of shellcode execution.

Bottom line

RIP for all 6 Firefox entries! I hear many teams ended up on the same patch.

It held up reliably on my setup, and I hope it does for you too. A writeup may follow, but there is no technical support either way.

Cheers to all folks from Berlin!

-- kiddo [email protected]
