git404hub

what is ffffirefox fr?

kiddo-pwn/ffffirefox — explained in plain English

Analysis updated 2026-05-18

64JavaScriptAudience · researcherComplexity · 5/5Setup · hard

tl;dr

A published proof-of-concept exploit for a patched Firefox use-after-free vulnerability, released after the bug was fixed and used at a hacking competition.

vibe map

mindmap
  root((FFFFirefox))
    What it does
      Exploits CVE-2026-8390
      Targets Firefox 150
      Demonstrates code execution
    Tech stack
      JavaScript
      WebAssembly GC
    Use cases
      Security research
      Vulnerability study
    Audience
      Security researchers
      Browser engineers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Study how a use-after-free bug in Firefox's JavaScript engine was exploited.

VIBE 2

Learn browser exploitation techniques from a real, patched vulnerability.

VIBE 3

Research how WebAssembly GC memory handling can be abused.

VIBE 4

Reference the CVE-2026-8390 writeup when analyzing similar browser bugs.

what's the stack?

JavaScript

how it stacks up fr

kiddo-pwn/ffffirefoxreal-elysia886/todo-tree-nextwordpress-gcb/gutenberg-control-blocks-lite
Stars646464
LanguageJavaScriptJavaScriptJavaScript
Setup difficultyhardeasymoderate
Complexity5/52/54/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · hard time til it works · 1day+

Requires a specific unpatched Firefox 150 build to reproduce, patched in 150.0.3.

in plain english

FFFFirefox is a published proof-of-concept exploit for a security vulnerability in the Firefox web browser, specifically targeting version 150. The bug, tracked as CVE-2026-8390, was originally created as a competition entry for Pwn2Own Berlin 2026, a well-known hacking contest where security researchers attempt to break into software for cash prizes. The author released the code publicly after Mozilla patched the vulnerability in Firefox 150.0.3. The underlying bug is a memory safety issue called a use-after-free. This happens when a program frees a block of memory but then accidentally continues to use a pointer to that now-freed location. In this case, the bug is in Firefox's JavaScript engine (called Ion) and its handling of WebAssembly GC (a relatively new feature that lets WebAssembly code manage objects with automatic memory management). Ion cached a pointer to source data while a garbage collector run could free that memory in between, and a memory spray technique was used to place attacker-controlled data in the freed location. From there, standard browser exploitation techniques were used to achieve arbitrary code execution, meaning the attacker's code runs with the browser's permissions. This repository is of interest primarily to security researchers and browser engineers studying how browser vulnerabilities are discovered and exploited. It is not intended for general use. The vulnerability is patched in Firefox 150.0.3 and later.

prompts (copy fr)

prompt 1
Explain how the use-after-free bug in FFFFirefox's Ion engine works step by step.
prompt 2
Walk me through how memory spraying is used in this Firefox exploit.
prompt 3
Summarize what CVE-2026-8390 is and how Firefox 150.0.3 fixed it.
prompt 4
Help me understand how WebAssembly GC pointers were mishandled in this exploit.

Frequently asked questions

what is ffffirefox fr?

A published proof-of-concept exploit for a patched Firefox use-after-free vulnerability, released after the bug was fixed and used at a hacking competition.

What language is ffffirefox written in?

Mainly JavaScript. The stack also includes JavaScript.

How hard is ffffirefox to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is ffffirefox for?

Mainly researcher.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.