Mozilla has quickly patched a pair of critical Firefox zero days after a researcher debuted them at a Vancouver cybersec competition.
Pwn2Own Vancouver 2022 – Manfred Paul vs Mozilla Firefox
Manfred Paul demonstrated the flaws at Pwn2Own last week, the latest in a series of vulnerability and exploit events run by Trend Micro's Zero Day Initiative (ZDI). The event had security experts competing to exploit the most vulnerabilities throughout the competition, earning cash prizes and leaderboard points for each success.
Paul exploited two vulnerabilities, both of which were rated "critical," meaning they are each considered to have a severity rating of 9.0 or higher, although specific ratings have not yet been assigned. They are now tracked as CVE-2024-29943 and CVE-2024-29944 – an out-of-bounds read/write and privileged code execution bug, respectively.
The full descriptions as advised by Mozilla:
