Other examples I recall when looking into this: Zotero browser connector for Firefox, Chrome Remote Desktop for Firefox (I think it adds a few features for connections to remote desktops)
I have seen some demos online such as WebVM [1] that use ephemeral devices to enable networking within the browser. It sounds like there is now a limit on the total length of ephemeral sessions on an account that last less than 240 minutes. While I'm not currently affected by this limit, it does seem rather arbitrary.
Hi, lead dev of WebVM here. Can you link to the specific change that affects ephemeral devices? I cannot find this reference in the article.
Keep in mind that we also plan to offer builtin networking in the near future, we are developing the infrastructure to do so as part of our newest product (In-browser sandboxes): https://browserpod.io
Thanks for sharing. I see how this could impact heavy user, but there is always the option of authenticating via a non-ephemeral auth key as a potential workaround. It's not integrated in the public WebVM UI, but it is supported by the underlying engine (CheerpX).
Notably these exploits were originally patched for newer devices in 2023 and 2024. However, the Coruna exploits are now publicly available because some of the IOC URLs mentioned in Google's recent blog post [1] were found to still be live. Jailbreakers are already repurposing the code to make web-based tools [2].
EDIT: if they still have the profile they can actually find the crash ID for their crash report: https://support.mozilla.org/en-US/kb/troubleshoot-firefox-cr...
reply