upvote
> this exploit can be triggered from inside a tightly sandboxed process

Thank you for emphasizing this important detail.

> you should update both firefox, and your linux kernel

No doubt, update all the things! My point was, it can most likely wait until Monday.

reply
Realistically, if you have a browser sandbox, the system LPE exploit gives you very little more. Everything interesting on a desktop system is accessible by the user account directly.
reply
This gets you code execution in the kernel, at which point sandboxing is irrelevant.
reply