Firefox Security Response to pwn2own 2025
a year ago
- #pwn2own
- #security
- #Firefox
- Mozilla prioritizes security, as demonstrated by Firefox's bug bounty program and its rapid response to vulnerabilities.
- At pwn2own, two Firefox exploits were demonstrated, but neither broke the sandbox, showcasing Firefox's strong security architecture.
- Mozilla released updated Firefox versions (138.0.4, ESR 128.10.1, ESR 115.23.1, and Firefox for Android) within a day of the exploit announcements.
- Firefox's sandbox improvements have effectively neutralized a range of attacks, preventing sandbox escapes this year.
- A global team of people in various roles collaborated to quickly test and release fixes for the reported exploits.
- Mozilla uses incidents like pwn2own to enhance incident response and identify further security improvements.
- Resources for learning about Mozilla's security initiatives include Mozilla Security, Mozilla Security Blog, and the Bug Bounty Program.