I received a note about the new Firefox vulnerability yesterday. I ran the proof-of-concept on my Debian machine, using first Epiphany and then Iceweasel. Didn’t work on either. Then I fired up a VMWare image running Windows, with a stock Firefox from mozilla. The proof-of-concept worked just as advertised. So, are the reports missing something (not exploitable on all OSs), or am I just lucky that Debian decided to move to Iceweasel?