Two Firefox zero-days discovered, patched thanks to security researcher

The bugs were found during a Vancouver-based hacking contest, and Mozilla have already released patches.

Mozilla released an update to their Firefox browser on March 22, patching two recently discovered zero-day vulnerabilities. As reported by SecurityWeek, the critical vulnerabilities were used in tandem to escape Firefox’s sandbox and allowed remote code execution directly on the target system.

The first vulnerability is an out-of-bounds access flaw, leading to the bypass of range analysis, while the second is a privileged JavaScript execution issue that leads to escaping the Firefox sandbox.

The bugs are being tracked as CVE-2024-29943 and CVE-2024-29944, respectively. More technical details about each CVE are available directly from Mozilla.

SecurityWeek also reports that both vulnerabilities were found by security researcher Manfred Paul at the recent Pwn2Own hacking contest. Paul received a whopping $100,000 reward for finding these vulnerabilities during the Vancouver-based event.

Paul also won another $100,000 for his efforts hacking on other browsers like Safari, Chrome, and Edge. Needless to say, he was declared the winner of the event, and the digital world is all the more secure because of him.
