Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

March 25, 2024 at 11:04AM

Mozilla quickly patched two critical Firefox zero-day vulnerabilities after they were demonstrated by researcher Manfred Paul at the Pwn2Own event in Vancouver. The bugs, rated “critical,” allowed for out-of-bounds read/write and privileged code execution. Mozilla released Firefox 124.0.1 to address the vulnerabilities, with some users encountering upgrade issues. Paul earned a total prize of $202,500 for his exploits.

Summary:
– Manfred Paul demonstrated two critical Firefox vulnerabilities at the Pwn2Own competition in Vancouver, earning $100,000 for the Firefox exploits.
– The vulnerabilities were swiftly patched by Mozilla and released as Firefox 124.0.1 on March 22, providing protection for users.
– Some users encountered issues transitioning from Firefox 123 to 124.0.1, necessitating an intermediate upgrade to 124.0 before rescanning for updates to reach 124.0.1.
– Mozilla clarified that 124.0 was a staged roll-out, while 124.0.1 is un-throttled and available to all users due to security concerns.
– The Pwn2Own competition disclosed 29 unique zero-day vulnerabilities, with researchers earning a total of $1,132,500 in prizes for their efforts.

Let me know if you need any more information or if there’s anything else I can help you with.

Full Article