Security Report: Session Hijacking via BeEF Exploit & Token Theft
Dear Mozilla Support Team,

I am writing to report a significant security breach involving my Firefox browser that resulted in session hijacking and the compromise of multiple high-value accounts (Discord, Rockstar, and Telegram). My Firefox developer browser email was ([email removed]@gmail.com). In a panic I logged out from my account and reset the laptop, and now I don't have access to the data.

Incident Details:

Date of Incident: February 2026
Primary Exploit Identified: BeEF (Browser Exploitation Framework)
OS: Windows 11
Symptoms: allowing an unauthorized party identified as operating from an IP in Vietnam to bypass 2FA by stealing active session tokens.

Despite having security measures in place, the attacker successfully:

- Accessed my saved Google passwords.
- Reset my Rockstar Games and Discord account passwords.
- Gained access to my Telegram account (which has since been deleted).

Technical Observations:

Standard scans with Windows Defender and Malwarebytes did not immediately detect the "infostealer" responsible, suggesting the use of "Living-off-the-Land" (LotL) scripts or a sophisticated browser-based hook that persisted even after clearing basic cache.

I am reporting this to help Mozilla investigate how Firefox's cookie storage and session management can be further hardened against BeEF-style hooks and unauthorized token extraction.
All Replies (1)
Hi,
Could you please share more details about what happened in Firefox? Are you saying that a third-party website managed to access other unrelated third-party websites' cookies without any specific permissions? If so, do you have any evidence of that?