cd /news/ai-safety/elevating-privileges-from-firefox-to… · home topics ai-safety article
[ARTICLE · art-47414] src=rootme.nebusec.ai ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

Elevating Privileges from Firefox to Android Root

Security researchers at NebuSec have achieved the first full-chain remote code execution from a browser to the kernel on Android 17, exploiting Firefox 151 to gain root access. The exploit, dubbed CyberMeowfia, is open-source and targets specific kernels, with a live demonstration available for testing.

read1 min views1 publishedJul 3, 2026

IonStack

The first browser-to-kernel full-chain RCE on Android 17 Source code will be publicly available in

Check our open source code github.com/NebuSec/CyberMeowfia

Step 1: Download vulnerable Firefox 151 fenix-151.0.multi.android-arm64-v8a.apk (archive.mozilla.org)

Step 2: Live PWN rootme.nebusec.ai/b9e3f1a4-7c82-4d6e-9a51-2f8c4b3e0d17

List of supported kernel #

Expected result:

If your kernel is marked **Supported**, Step 2 should give you root and change your wallpaper as the visible success signal.

If it is not supported yet, the phone will crash and reboot instead, without damaging the device. You can also modify the exploit yourself to support your device.
── more in #ai-safety 4 stories · sorted by recency
── more on @nebusec 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/elevating-privileges…] indexed:0 read:1min 2026-07-03 ·