Firefox Browser Hacked in 8 Seconds by 2 Critical Security Flaws

You might not have noticed that Mozilla Firefox was also hacked. Windows 11, Ubuntu Desktop, and Microsoft Teams were all hacked within a week. In Firefox's case, two critical security flaws were exploited in just eight seconds.

Who hacked Mozilla Firefox in just eight seconds?

The hacker was the highly skilled Manfred Paul. He pulled off the lightning-fast double exploit using two critical vulnerabilities at the PWN2OWN Vancouver 2022 event, which ended on Friday, May 20.

Manfred Paul was fourth to take the stage at the opening session of PWN2OWN on Wednesday, May 18. His zero-day hack was quick and double-headed. He received $100,000 in bounty money. He won $50,000 more for his zero-day exploit of the Apple Safari browser later that day.

Which were the critical vulnerabilities?

The Mozilla Foundation was immediately notified of all technical details regarding the hack. The vulnerabilities were both described in a security advisory on May 20.


CVE-2022-1802

An attacker could execute code in a privileged context by causing “prototype pollution in Top-Level Await implementation.”

CVE-2022-1529

An “untrusted input used in JavaScript object indexing, leading to prototype pollution” could be used by an attacker to send a “message to the parent process where contents were used to double-index into JavaScript objects.” This led to prototype pollution, as in the first exploit.
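
The double-indexing pattern that the CVE-2022-1529 description refers to, shown in generic JavaScript beside a hardened handler. This is an added example, not Firefox's code and not taken from the advisory; the registry, the message shape and all function names are hypothetical.

```javascript
// Constructed scenario: a privileged "parent" keeps a registry of settings and
// receives { group, name, value } messages from a less trusted sender.

// Vulnerable: both keys come from the message and are used to index twice.
function handleMessageUnsafe(registry, msg) {
  registry[msg.group][msg.name] = msg.value;
}

// Keys that resolve to the prototype chain instead of to stored data.
const RESERVED = new Set(["__proto__", "prototype", "constructor"]);

// Hardened storage: null-prototype objects inherit nothing to pollute.
function makeRegistry(groups) {
  const registry = Object.create(null);
  for (const g of groups) registry[g] = Object.create(null);
  return registry;
}

// Hardened handler: type-check the keys, reject reserved names, and only
// index into groups that exist as own properties of the registry.
function handleMessageSafe(registry, msg) {
  const { group, name, value } = msg;
  if (typeof group !== "string" || typeof name !== "string") return false;
  if (RESERVED.has(group) || RESERVED.has(name)) return false;
  if (!Object.prototype.hasOwnProperty.call(registry, group)) return false;
  registry[group][name] = value;
  return true;
}

function demo() {
  // Constructed message whose first key selects the shared prototype.
  const hostile = { group: "__proto__", name: "isPrivileged", value: true };

  const unsafeRegistry = { prefs: {} };
  handleMessageUnsafe(unsafeRegistry, hostile);
  const pollutedUnsafe = ({}).isPrivileged === true; // unrelated objects inherit it
  delete Object.prototype.isPrivileged;              // restore a clean prototype

  const safeRegistry = makeRegistry(["prefs"]);
  const accepted = handleMessageSafe(safeRegistry, hostile);
  const pollutedSafe = ({}).isPrivileged === true;
  const legit = handleMessageSafe(safeRegistry,
    { group: "prefs", name: "theme", value: "dark" });
  return { pollutedUnsafe, accepted, pollutedSafe, legit,
           theme: safeRegistry.prefs.theme };
}
```
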

What should Firefox browser users do right now?

In most cases, nothing. This isn’t to minimize the severity of these critical vulnerabilities, or the zero-day exploit Manfred Paul demonstrated at PWN2OWN.

Rather, it highlights the fact that the Mozilla Foundation responded very quickly and released an emergency Firefox update that fixes the flaws. Firefox will update automatically, even in the background, when you close your browser. The update should have been applied for all users by now.

You won’t be protected if your browser has been running continuously, with no restarts, or if you have disabled automatic updates. Check About Firefox.

You are looking for these updated and patched version numbers:

  • Firefox v100.0.2 for desktop users
  • Firefox v100.3.0 for Android users
  • Firefox v91.9.1 for Enterprise Extended Support Release users

A quick inspection of the iOS app status shows that it has not been updated since the PWN2OWN events. It is currently at version 100.1 (9384) on my iPhone 13 Pro. I reached out to find out if there is an iOS update or if the exploit doesn’t apply to this platform. I will update this article as soon as I learn more.
