ggwhyp
Great bug, thank you for the detailed report.
We just released 150.0.3 to fix this.
mozilla.org/en-US/security…
ggwhyp@ggwhyp
I was hoping to compete in Pwn2Own with a Firefox full-chain entry, but unfortunately it was rejected. I’ve reported the vulnerability to the Mozilla team.

@TheDog0402 The RCE was found via manual audit, while the sandbox escape was found using an LLM. The LLM alone couldn’t find the RCE (though it may be due to my limited skill), but with LLM-assisted analysis, it likely would’ve been found ~10× faster.

@CarriKleib79705 @LunacySoft I used GPT 5.5 xhigh. There can be some gaps in vulnerability analysis, but root cause analysis generally works reliably.

@ggwhyp @LunacySoft Local LLM or service? Which model didn't work?

@MikeyFromUK No, the vulnerability can be exploited remotely without any user interaction required.

@LunacySoft Of course. In the case of the RCE bug, it was found through manual auditing. Interestingly, even when I tried to guide an LLM to find the bug, it still struggled to identify it reliably. I’m also considering writing about this aspect as well.

@MiniMjStar I plan to publish a technical analysis report after the release build has been patched and an appropriate amount of time has passed to ensure safe public disclosure.

@ggwhyp They allowed you to disclose this? And make a writeup about it?