Firefox is supposed to have sandboxing, right? Does this sandboxing help against such attacks? As in: is there a second attack on the sandbox needed to get RCE?
From the article: "Following a request for additional details from ZDNet, Groß said "the bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape" in order to run code on an underlying operating system."
Some one mentioned this is being used against crypto owners; get in and perhaps read session cookies for a web wallet? Or combine with another zero-day. Any one with this has serious resources and probably a good team.
