whatisgithub

What is ffffirefox?

kiddo-pwn/ffffirefox — explained in plain English

Analysis updated 2026-05-18

64JavaScriptAudience · researcherComplexity · 5/5Setup · hard

In one sentence

A published proof-of-concept exploit for a patched Firefox use-after-free vulnerability, released after the bug was fixed and used at a hacking competition.

Mindmap

mindmap
  root((FFFFirefox))
    What it does
      Exploits CVE-2026-8390
      Targets Firefox 150
      Demonstrates code execution
    Tech stack
      JavaScript
      WebAssembly GC
    Use cases
      Security research
      Vulnerability study
    Audience
      Security researchers
      Browser engineers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Study how a use-after-free bug in Firefox's JavaScript engine was exploited.

USE CASE 2

Learn browser exploitation techniques from a real, patched vulnerability.

USE CASE 3

Research how WebAssembly GC memory handling can be abused.

USE CASE 4

Reference the CVE-2026-8390 writeup when analyzing similar browser bugs.

What is it built with?

JavaScript

How does it compare?

kiddo-pwn/ffffirefoxpolyhelper/polyhelperstephengrider/coffeescript-ionic-starter
Stars646563
LanguageJavaScriptJavaScriptJavaScript
Last pushed2015-03-30
MaintenanceDormant
Setup difficultyhardhardmoderate
Complexity5/54/52/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires a specific unpatched Firefox 150 build to reproduce, patched in 150.0.3.

So what is it?

FFFFirefox is a published proof-of-concept exploit for a security vulnerability in the Firefox web browser, specifically targeting version 150. The bug, tracked as CVE-2026-8390, was originally created as a competition entry for Pwn2Own Berlin 2026, a well-known hacking contest where security researchers attempt to break into software for cash prizes. The author released the code publicly after Mozilla patched the vulnerability in Firefox 150.0.3. The underlying bug is a memory safety issue called a use-after-free. This happens when a program frees a block of memory but then accidentally continues to use a pointer to that now-freed location. In this case, the bug is in Firefox's JavaScript engine (called Ion) and its handling of WebAssembly GC (a relatively new feature that lets WebAssembly code manage objects with automatic memory management). Ion cached a pointer to source data while a garbage collector run could free that memory in between, and a memory spray technique was used to place attacker-controlled data in the freed location. From there, standard browser exploitation techniques were used to achieve arbitrary code execution, meaning the attacker's code runs with the browser's permissions. This repository is of interest primarily to security researchers and browser engineers studying how browser vulnerabilities are discovered and exploited. It is not intended for general use. The vulnerability is patched in Firefox 150.0.3 and later.

Copy-paste prompts

Prompt 1
Explain how the use-after-free bug in FFFFirefox's Ion engine works step by step.
Prompt 2
Walk me through how memory spraying is used in this Firefox exploit.
Prompt 3
Summarize what CVE-2026-8390 is and how Firefox 150.0.3 fixed it.
Prompt 4
Help me understand how WebAssembly GC pointers were mishandled in this exploit.

Frequently asked questions

What is ffffirefox?

A published proof-of-concept exploit for a patched Firefox use-after-free vulnerability, released after the bug was fixed and used at a hacking competition.

What language is ffffirefox written in?

Mainly JavaScript. The stack also includes JavaScript.

How hard is ffffirefox to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is ffffirefox for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.