Firefox 28 patches all four zero-day vulnerabilities that were disclosed during the Hewlett-Packard Pwn2Own event last week. HP awarded security researchers $50,000 each, for a total of $200,000, for the four zero-days that are now patched in Firefox 28.
Johnathan Nightingale, vice president of Firefox at Mozilla, told eWEEK that Mozilla implemented all of the fixes over the weekend so they could be included in today’s Firefox 28 release. Although the four zero-day flaws were first reported on March 19 and March 20, they were not being exploited in the wild. HP has a responsible disclosure process for Pwn2Own vulnerabilities and has not publicly disclosed the flaws.