Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own
Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest.
If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.
Manfred Paul earned $100,000 and 10 Master of Pwn points after demoing prototype pollution and improper input validation bugs on the first day of Pwn2Own.
Mozilla patched these vulnerabilities two days after Manfred Paul exploited and reported them at the Pwn2Own hacking contest.
Vendors don't usually hurry to release patches after Pwn2Own, since they have 90 days to push security fixes before Trend Micro's Zero Day Initiative publicly discloses the bugs.
Pwn2Own Vancouver 2022 ended on May 20 after 17 competitors earned $1,155,000 for zero-day exploits and exploit chains demonstrated in 21 attempts over three days.