Mozilla fixes Wednesday's Pwn2Own double exploit...Friday!

Mozilla fixes Wednesday’s Pwn2Own double exploit…Friday!

Just a quick note to let you know that we got Firefox and Pwn2Own wrong in our last podcast…

…but we were right about Mozilla’s reaction in our last podcast promotional video:

In the video we said (emphasis below):

In the podcast, we speculated, “Was it [recent Firefox fix] pushed just in time for Pwn2Own, hoping that would stop the attack from working? If that was the reason, it didn’t work. […] But we know Mozilla will be rushing to fix this one as soon as they get the Pwn2Own contest details.

To explain.

In a post from last weekend, after our Linux distribution received an out-of-band Firefox patch seemingly in a hurry, but the update still hadn’t posted to the Firefox website, we wondered: “Is there some sort of cybersecurity rush here? »

This update added a sandbox security feature called Win32k lock it had taken months, if not years, to prepare, but had just missed the planned 100.0 release.

As a result, we speculated that Firefox 100.0.1, a simple point release in which a whole new Windows security feature was suddenly enabled, was purpose-built, just in time for this year’s Pwn2Own hack contest. in Vancouver, Canada.