Mozilla has done an amazing job addressing two zero-day vulnerabilities in the Firefox web browser exploited during the recent Pwn2Own Vancouver 2024 hacking competition.
The researcher Manfred Paul (), who won the competition, exploited the two vulnerabilities, respectively tracked and .
On Day Two, Paul demonstrated a sandbox escape of Mozilla Firefox by using an OOB Write for the RCE and an exposed dangerous function bug. He earned $100,000 and 10 Master of Pwn points for this hack.
Below is the description of both issues, according to the the vulnerability CVE-2024-29944 affects Desktop Firefox only, it does not affect mobile versions of Firefox:
Mozilla released Firefox 124.0.1 and Firefox ESR 115.9.1 to address both issues.
Pwn2Own Vancouver 2024 hacking competition took place this week, Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 in the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one, the successfully demonstrated exploits against a Tesla car.
The researcher Manfred Paul () won the Master of Pwn earning $202,500 and 25 points.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, Mozilla)