Mozilla releases security patches to fix critical zero-day bugs in Firefox

Manfred Paul discovered the vulnerabilities during the Pwn2Own Vancouver 2024 hacking contest


Published on March 24, 2024


Mozilla recently released security patches that fix two critical zero-day vulnerabilities in Firefox 124.0.1 and one in Firefox ESR 115.9.1. It became the first vendor to release patches for critical bugs discovered during Pwn2Own Vancouver 2024.

Mozilla fixes two security vulnerabilities in Firefox 124.0.1 and one in Firefox ESR 115.9.1


A recent tweet by Zero Day Initiative confirmed that Manfred Paul won $10000 and 10 Master of Pwn points at Pwn2Own 2024 as he exploited an out-of-bounds (OOB) write flaw for remote code execution (RCE) and escaped Firefox’s sandbox using an exposed dangerous function.

It is worth noting that Paul topped the leaderboard with 25 Master of Pwn points at the hacking competition.

Talking about the first security vulnerability (CVE-2024-29943), Mozilla explained:

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination.

Mozilla also described the second vulnerability (CVE-2024-29944), which affected Firefox on desktop devices:

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox.

Mozilla acted quickly on the identified vulnerabilities and rolled out security patches for Firefox a day later. A security patch was also released in Firefox ESR 115.9.1 to block RCE attacks targeting Firefox on desktop devices.


Vlad Turiceanu

Windows Editor
