{"id":7055,"date":"2017-03-20T16:31:10","date_gmt":"2017-03-21T00:31:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/20\/news-846\/"},"modified":"2017-03-20T16:31:10","modified_gmt":"2017-03-21T00:31:10","slug":"news-846","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/20\/news-846\/","title":{"rendered":"Mozilla beats rivals, patches Firefox&#039;s Pwn2Own bug"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2017\/02\/p1200649-100708726-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Mon, 20 Mar 2017 17:26:00 -0700<\/strong><\/p>\n<p>Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.<\/p>\n<p>&#8220;Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,&#8221; <a target=\"_blank\" href=\"https:\/\/twitter.com\/thezdi\/status\/843899974085689346\">tweeted the Zero Day Initiative<\/a> (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.<\/p>\n<p>Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.<\/p>\n<p>The vulnerability was rated &#8220;Critical&#8221; by Mozilla in an <a target=\"_blank\" href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2017-08\/\">accompanying description<\/a>. As usual, the company masked the technical details of the bug to outsiders. <\/p>\n<p>Chaitin was just one of several Chinese security teams that participated in <a href=\"http:\/\/www.computerworld.com\/article\/3180523\/security\/adobe-reader-edge-safari-and-ubuntu-fall-in-first-day-at-pwn2own.html\">Pwn2Own<\/a>, again held at the annual CanSecWest conference in Vancouver, B.C., Canada. The group took third place among the participants, and won a total of $90,000 in prize money.<\/p>\n<p>Firefox was not the only browser to fall at Pwn2Own. Apple&#8217;s Safari was hacked four times at the contest, and Microsoft&#8217;s Edge was exploited five times during the three-day event. Google&#8217;s Chrome, however, came away unscathed.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3183264\/security\/mozilla-beats-rivals-patches-firefoxs-pwn2own-bug.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2017\/02\/p1200649-100708726-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Mon, 20 Mar 2017 17:26:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.<\/p>\n<p>&#8220;Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,&#8221; <a target=\"_blank\" href=\"https:\/\/twitter.com\/thezdi\/status\/843899974085689346\">tweeted the Zero Day Initiative<\/a> (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.<\/p>\n<aside id=\"fsb-2055\" class=\"fakesidebar\"><strong>[ To comment on this story, visit <a href=\"https:\/\/www.facebook.com\/Computerworld\/\" target=\"_blank\">Computerworld&#8217;s Facebook page<\/a>. ]<\/strong><\/aside>\n<p>Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3183264\/security\/mozilla-beats-rivals-patches-firefoxs-pwn2own-bug.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[4314,714,11114],"class_list":["post-7055","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-internet","tag-security","tag-web-browsers"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7055"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7055\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7055"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}