CVE-2024-29944

Published: 22/03/2024 Updated: 25/03/2024

Vulnerability Summary

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

Vendor Advisories

Debian Bug report logs - #1067523 firefox: CVE-2024-29943 / CVE-2024-29944 critical bugs, fixed in FF 124.0.1 Package: firefox; Maintainer for firefox is Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>; Source for firefox is src:firefox (PTS, buildd, popcon) Reported by: Vincent Lefevre <vinc ...
`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9 (CVE-2024-2608) Using a markup in ...
Mozilla Foundation Security Advisory 2024-16 Security Vulnerabilities fixed in Firefox ESR 115.9.1 Announced March 22, 2024 Impact critical Products Firefox ESR Fixed in Firefox ESR 115.9.1 ...
Mozilla Foundation Security Advisory 2024-15 Security Vulnerabilities fixed in Firefox 124.0.1 Announced March 22, 2024 Impact critical Products Firefox Fixed in Firefox 124.0.1 ...

Mailing Lists

oss-sec mailing list archives: Firefox 124.0.1 fixes two critical JavaScript engine vulnerabilities ...

Recent Articles

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
BleepingComputer • Sergiu Gatlan • 22 Mar 2024

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Manfred Paul (@_manfp) earned a $100,000 award and 10 Master of Pwn points after exploiting an out-of-bounds (OOB) write flaw (CVE-2024-29944) to gain remote code execution and escaping Mozilla Firefox's sandbox using an exposed d...

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon
The Register

Users may have to upgrade twice to protect their browsers

Mozilla has swiftly patched a pair of critical Firefox zero-days after a researcher debuted them at a Vancouver cybersec competition. Manfred Paul demonstrated the bugs at Pwn2Own last week, the latest in the series of vulnerability and exploit events run by Trend Micro's Zero Day Initiative (ZDI). The event had security experts vying to exploit the most vulnerabilities across the competition, earning cash prizes and league table points for each success. Paul exploited two vulnerabilities, both ...