Mozilla Moves Quickly to Plug Firefox Holes Disclosed at Pwn2Own

  • Mozilla Moves Quickly to Plug Firefox Holes Disclosed at Pwn2Own

    Well, that was quick

    The recently concluded Pwn2Own contest—a lucrative hacking competition held as part of the annual CanSecWest conference—saw all four major internet browsers get their soft(ware) underbellies exposed. Three of the ten browser bugs exposed at the two-day event were in Firefox, which emerged as the second-most pwned browser at the event behind Internet Explorer. But there’s one area where Mozilla has clearly left its competitors behind.
    Mozilla, it appears, scuttled to fix the bugs as soon as they came to light, with the rapidity ultimately helping it become the first vendor to fix vulnerabilities disclosed at the conference. Two days and as many minor updates is all it took for the open-source outfit to plug the said holes.
    The first point release (36.0.3) came on Friday and included a fix for a bug in “Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access.” The bug, which could have allowed an attacker to execute malicious code, was discovered by a hacker known only by their nom de guerre “ilxu1a.”
    Another minor release (36.0.4) came out a day later. It fixes what was yet another critical vulnerability with the potential for arbitrary code execution. Discovered by Mariusz Mlynski, this was a flaw in the processing of SVG (Scalable Vector Graphics) content navigation.
    This is what HP—a co-sponsor through its Zero Day Initiative (ZDI)—had to say about Mlynski’s exploits: “Mariusz Mlynski stepped up to Mozilla Firefox and knocked it out of the park through a cross-origin vulnerability followed by privilege escalation within the browser – all within .542 seconds. This allowed him to execute a logical flaw to escalate to SYSTEM in Windows and take home $30,000 USD for the Firefox bug and an additional $25,000 bonus for the privilege escalation.”
    Follow Pulkit on Google+


    ClanofIdiots.com Administrator
    PcGamingNetworks.com Co-owner
    webmaster@clanofidiots.com