
Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!
2022-05-20 23:47

Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast.

We do know that Mozilla will be rushing to fix this one as soon as they get the details out of the Pwn2Own competition.

Accordingly, we speculated that Firefox 100.0.1, a mere point-release in which a brand new Windows security feature had suddenly been activated, was wrangled out specially, just in time for this year's Pwn2Own hacking competition in Vancouver, Canada.

With Pwn2Own taking place this very week, and with Firefox in the firing line from experienced and successful bug hunter Manfred Paul, maybe Mozilla figured that it was worth squeezing out 100.0.1 in time for the contest?

If Win32k Lockdown was supposed to stop the Pwn2Own attack, it didn't, although we don't doubt that the new sandbox protection will make plenty of future exploits harder to find and less reliable to use.

All proper bug bounties work this way, of course, but Pwn2Own isn't just about spotting possible bugs and calling them in with a crash log; it's about researching and writing up the bug and its dangers with careful and repeatable details, up to and including a working exploit.


News URL

https://nakedsecurity.sophos.com/2022/05/21/mozilla-patches-wednesdays-pwn2own-double-exploit-on-friday/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Mozilla | | 29 | 13 | 631 | 583 | 266 | 1493 |