
WEB BROWSER OUTFIT Mozilla has fixed several security flaws in Firefox that were uncovered by researchers attending the annual Pwn2own hacking contest.
Firefox was exploited four times with zero-day attacks during the hacking event, making it one of the least secure of the four most popular web browsers, the others being Google's Chrome, Microsoft's Internet Explorer (IE) and Apple's Safari.
"We implemented all of the fixes over the weekend and will release them on Tuesday with Firefox 28," Mozilla's Senior Engineering Manager of Security and Privacy, Sid Stamm, told The INQUIRER. "By Friday, we expect everyone will be offered the updates, though users can get them manually at any time after the release by checking for Firefox updates."
Because the exploits were not publicly known, Stamm said the security risk to unpatched users was "low", so Mozilla decided not to disrupt users with additional upgrade cycles this week.
The other three major web browsers - Google's Chrome, Microsoft's Internet Explorer (IE) and Apple's Safari - were also exploited as part of the competition, along with the software application Adobe Flash. Firefox saw three takedowns on the first day and another on the second, making it the most exploited web browser of the bunch.
The two-day Pwn2own event wrapped up last Thursday at the Cansecwest conference at the Sheraton Wall Hotel in Vancouver, BC, challenging security researchers, software engineers and hackers to demonstrate flaws in popular consumer and enterprise software systems.
The event sponsor HP's Zero Day Initiative (ZDI) awarded $850,000 in total prize money, leaving $385,000 of potential prize money unclaimed.
"The luck of the draw brought three of four browsers to the table on the first day, and put [security firm] Vupen at the table for four attempts," HP said in a blog post recapping the event.
"All six of Wednesday's attempts were successful. Vupen collected $300,000 for vulnerabilities in Adobe Reader, Microsoft Internet Explorer, Mozilla Firefox, and Adobe Flash, and researchers Mariusz Mlynski and Jüri Aedla each collected $50,000 apiece for vulnerabilities in Firefox."
The second and final day of Pwn2own 2014 saw successful attempts by seven entrants against five products, with $450,000 paid to researchers.