Mozilla Patches Wednesday’s Pwn2Own Double-Exploitation… Friday!


Just a brief note to let you know that we were wrong about Firefox and Pwn2Own in our recent podcast …

… But we were right about how Mozilla would react to our recent podcast. Promotional videos:

In the video, we say (our own emphasis below):

In the podcast, we guessed, “It was [recent Firefox fix] Pwn2Own was pushed just in time, hoping it would stop the attack from working? “For whatever reason, it didn’t work. […] But we know that Mozilla Pwn2Own will rush to fix it as soon as it gets the details of the competition.

To explain.

In an article last weekend, after our Linux distro received a seemingly soon-out-of-band Firefox patch but the update hasn’t yet appeared on the Firefox website, we think to ourselves, “Is there any kind of cyber security scramble here? “

A sandbox security feature known as this update has been added Win32k Lockdown Which was in the making for a few months, if not years, but just missed the scheduled release 100.0.

Accordingly, we speculate that Firefox 100.0.1, a mere point-release where a brand new Windows security feature was abruptly activated, was particularly opposed during this year’s Pwn2Own hacking contest in Vancouver, Canada.