Mozilla Fixes Critical Vulnerability in Firefox 22 Hours After Discovery

Bot

AI-powered Bot
Thread author
Apr 21, 2016
4,370
When you have a lot of manpower, patching security vulnerabilities happens quickly. In fact, it took Mozilla only 22 hours to patch a zero-day vulnerability identified within Firefox at the Pwn2Own hacking competition that took place last week.

The new Firefox version 52.0.1, which was released late on Friday, contains the patch for the flaw discovered by hackers in the competition. The fix was confirmed via Twitter by Asa Dotzler, Mozilla participation director for Firefox OS, as well as Daniel Veditz, security team member at Mozilla.

The bug was discovered by the Chaitin Security Research Lab from China. The hackers managed to escalate privileges in an exploit during the hacking competition by combining the bug with an initialized buffer in the Windows kernel. The bug bounty for this particular vulnerability was $30,000, indicating that it was a serious matter.

In a security advisory published by Mozilla, the company marks the integer overflow in createImageBitmap() as "critical." They say that the bug was fixed in the newest version by disabling experimental extensions to the createImageBitmap API.

Mozilla also claims that since the function works in the content sandbox, it would have required a second vulnerability to compromise a user's computer. Chaitin used, in this instance, the Windows kernel.


Read more: Mozilla Fixes Critical Vulnerability in Firefox 22 Hours After Discovery
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The moment where your skills will pay off because of staggering jackpot prizes.

@larry goes to church: Depends on the rate of category vulnerabilities. The trend nowadays was when a group managed to expose the virtualization mechanism, since it's a crucial component for isolation operation which has already been known to be strong proof against any leak attacks.

Manipulating or exploiting the function of the sandbox is already a big deal.
 
