At the Pwn2own 2015 event on March 18 and 19, Microsoft’s Internet Explorer, Google Chrome, Apple Safari and Mozilla Firefox were all exploited by security researchers
Mozilla released Firefox 36.0.3 on March 20, with the intention of providing fixes for the security issues that were first disclosed at Pwn2own 2013. Unfortunately however, Mozilla quickly discovered that one of the fixes was not complete and released Firefox 36.0.4 on March 21 providing an update. The updated fix in Firefox 36.0.4 is for a vulnerability identified as CVE-2015-0818, which is a same origin bypass issue that was demonstrated by researcher Mariusz Mylnski on March 18.
Firefox was also patched for CVE-2015-0817, which is a JavaScript exploit demonstrated by security researcher only know as ‘ilxu1a’
Read the full story at eWEEK:
Mozilla Patches Firefox for Pwn2Own Security Flaws
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.