Elevating Privileges from Firefox to Android Root


IonStack - Nebula Security

IonStack

The first browser-to-kernel full-chain RCE on Android 17

Source code will be publicly available in: [countdown timer: days, hours, minutes, seconds]

Check our open source code: github.com/NebuSec/CyberMeowfia

A series of write-ups is coming soon.

Step 1: Download vulnerable Firefox 151: fenix-151.0.multi.android-arm64-v8a.apk (archive.mozilla.org)

Step 2: Live PWN: rootme.nebusec.ai/b9e3f1a4-7c82-4d6e-9a51-2f8c4b3e0d17

List of supported kernels

Expected result:

If your kernel is marked Supported, Step 2 should give you root and change your wallpaper as the visible success signal.

If it is not supported yet, the phone will crash and reboot instead, without damaging the device. You can also modify the exploit yourself to support your device.

Warning: Experimental Kernel Exploit

By clicking “Step 2”, you acknowledge and agree that this website will run an open-source kernel exploit on your device.

If successful, the exploit may perform the following actions:

Create temporary files inside Firefox’s private data storage.

Write files to /bin/su and /data/local/tmp/su.

Modify your device wallpaper.

Make system-level changes that may affect device stability.

This kernel exploit is experimental and may be unstable. It could cause unexpected behavior, crashes, data corruption, or permanent data loss.

Before continuing, you should:

Back up all important data.

Understand that this action may modify your device at the system level.

Proceed only on a device that you own or have explicit permission to test.

Accept full responsibility for any damage, instability, or data loss that may occur.

Do not continue unless you fully understand the risks.

I understand the risks and agree to run the exploit on this device.


Device not supported yet

Step 2 does not currently support PC or iOS devices. Please use a supported Android browser from the list, or build it yourself from source code.

