Mozilla Plugs Critical Pwn2Own Vulnerabilities in Firefox, Urges Users to Update Immediately

By Netvora Tech News

---

The Mozilla Foundation has patched two critical vulnerabilities in the Firefox browser that were demonstrated during the Pwn2Own hacking competition in Berlin. The organization is urging users and administrators to update their browsers as soon as possible to prevent potential attacks. Pwn2Own is an annual event where researchers are rewarded for demonstrating unknown vulnerabilities in widely used products and services. The competition has different categories, including browsers, containers, virtualization software, business applications, server software, operating systems, and even a Tesla Model 3/Y. During the Berlin event, which took place from May 15 to 17, researchers from Palo Alto Networks and individual researcher Manfred Paul demonstrated two separate attacks on the Firefox renderer. According to Mozilla, neither of these vulnerabilities could break out of their sandbox, which is required to gain control over the user's system. However, an attacker could use these security flaws to execute malicious code within the browser and steal user data, for example. Yesterday, on May 17, Mozilla released updates to fix both problems. "Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible," Mozilla recommends. Users can update to Firefox ESR 115.23.1, Firefox ESR 128.10.1, or Firefox 138.0.4. The researchers who demonstrated the attacks received a reward of $50,000 each.