MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
firefox
Search

Firefox Announces Same-Day Update After Two Minor Pwn2Own Exploits

Sunday May 18, 2025. 05:34 PM , from Slashdot
Firefox Announces Same-Day Update After Two Minor Pwn2Own Exploits
During this year's annual Pwn2Own contest, two researchers from Palo Alto Networks demonstrated an out-of-bounds write vulnerability in Mozilla Firefox, reports Cyber Security News, 'earning $50,000 and 5 Master of Pwn points.' And the next day another participant used an integer overflow to exploit Mozilla Firefox (renderer only).

But Mozilla's security blog reminds users that a sandbox escape would be required to break out from a tab to gain wider system access 'due to Firefox's robust security architecture' — and that 'neither participating group was able to escape our sandbox...'

We have verbal confirmation that this is attributed to the recent architectural improvements to our Firefox sandbox which have neutered a wide range of such attacks. This continues to build confidence in Firefox's strong security posture.

Even though neither attack could escape their sandbox, 'Out of abundance of caution, we just released new Firefox versions... all within the same day of the second exploit announcement.' (Last year Mozilla responded to an exploitable security bug within 21 hours, they point out, even winning an award as the fastest to patch.)

The new updated versions are Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1 and Firefox for Android. 'Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible....'

To review and fix the reported exploits a diverse team of people from all across the world and in various roles (engineering, QA, release management, security and many more) rushed to work. We tested and released a new version of Firefox for all of our supported platforms, operating systems, and configurations with rapid speed....
Our work does not end here. We continue to use opportunities like this to improve our incident response. We will also continue to study the reports to identify new hardening features and security improvements to keep all of our Firefox users across the globe protected.

Read more of this story at Slashdot.
Read more at Slashdot
https://tech.slashdot.org/story/25/05/18/0558219/firefox-announces-same-day-update-after-two-minor-p...

Related News

firefox Windows 11 hacked multiple times by security researchers at Pwn2Own Berlin 2025 BetaNewsMay 16
security Mozilla wants to show you the future in Firefox Labs BetaNewsMay 14
our Nobara 42 ditches Firefox for Brave while becoming the friendliest Fedora-based Linux distribution ever BetaNewsMay 14
pwn Firefox moves to GitHub BoingBoingMay 13
sandbox Mozilla Firefox could be collateral damage in Google’s antitrust battle ComputerWorldMay 5
users Firefox Could Be Doomed Without Google Search Deal, Executive Says SlashdotMay 4
escape Thunderbird joins Firefox on the monthly treadmill TheRegisterApr 30
mozilla Firefox slaps itself on the back for finally adding tab groups and catching up with other browsers BetaNewsApr 30
exploits Firefox Finally Delivers Tab Groups Feature SlashdotApr 29
two Enterprise tech dominates zero-day exploits with no signs of slowdown TheRegisterApr 29
own Firefox 138.0 released LWN.netApr 29
out Today's LLMs craft exploits from patches at lightning speed TheRegisterApr 21
day Hardening the Firefox frontend LWN.netApr 9
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
May, Sun 18 - 21:11 CEST