![]() ![]() Iozzo and Pinckaers rode that exploit to take Pwn2Own's $30,000 second-place prize.Īccording to Mozilla's security advisory, the Iozzo/Pnickaers vulnerability had been discovered earlier by Firefox software engineer Jeff Walden. It turned out that Mozilla already knew of the vulnerability exploited by researchers Vincenzo Iozzo and Willem Pinckaers on Pwn2Own's last day, March 9. The delay, which Mozilla announced last Monday morning and nixed later the same day, was necessary, said Mozilla, to patch a Firefox bug unveiled at the Pwn2Own hacking contest. Before the scheme's January debut, Microsoft had asked users for their permission before upgrading IE from one version to the next, even if Windows' automatic update service was enabled.Īlso this week, Mozilla released Firefox 11 with patches for 12 vulnerabilities, nine of them rated "critical."įor a short time, Firefox 11 faced a launch delay that would have broken Mozilla's perfect record of meeting release deadlines since it switched to an every-six-week pace last year. Microsoft has also jumped on the silent update bandwagon: In December 2011, it announced it would automatically upgrade Internet Explorer (IE) to the newest browser suitable for each version of Windows. Firefox silent updating would let Mozilla deploy emergency security fixes - it calls those "chem spills" - without bothering users, and potentially push more users to each new version.
0 Comments
Leave a Reply. |