Mozilla Firefox Most Exploited Browser At Pwn2Own 2014 Event

This shouldn't come as a complete shock to anyone who's been around the online block a time or two, but no web browser is 100 percent secure. That much was once again proven at the annual Pwn2Own hacking event held at the CanSecWest security conference. By the second day of the event, every major browser had fallen -- Firefox (Mozilla), Chrome (Google), Internet Explorer (Microsoft), and Safari (Apple). Not all browsers are created equal, however, and out of the bunch, Firefox had the unwanted distinction of being the most exploited.

Security researchers participating in the event were able to exploit vulnerabilities in Firefox three separate times on the first day of the event, plus one more time on the second day. That brought the tally to four, which is more than any of the other browsers. The good news for Firefox fans is that Mozilla is typically quick to patch zero-day exploits in Firefox, which is on a rapid release schedule.

Pwn2Own
Security researcher Mariusz Mlynski demonstrating exploit on Mozilla Firefox. Source: Pwn2Own

"We are working quickly to address each of these bugs and expect to deliver fixes next week," Sid Stamm, senior engineering manager of security and privacy at Mozilla, told eWEEK.

Stamm also said that the risk of Firefox users being compromised from any of the four zero-day bugs within the next couple of days is pretty low, so there's no need to hit the panic button. As to why Firefox was exploited more than the other browsers during the event, Stamm believes it comes down to money. Even though Firefox has a bug bounty program of its own, Pwn2Own pays larges sums of money -- each Firefox flaw was worth $50,000 -- which may have prompted security researchers to hold off on sharing previously discovered exploits until the event.
Via:  eWEEK
Comments
ChrisFarscapeFredKim 9 months ago

I just built a new PC and dl 'd Firefox. Not feeling to happy

RobertBoone 9 months ago

I use Firefox mostly for the simplicity and speed. I like how chrome easily saves your settings if you want them elsewhere, but I don't like the UI setup very much. And IE, well that one speaks for itself.

JaySleven 9 months ago

I too use FireFox, I don't like the fact that it is apparently less secure but I still would prefer it just for it's functionality

infinityzen1 9 months ago

Well it is a base install of Firefox. Add in Adblock Plus, Better Privacy, No Script, etc and it is much more secure.

JeordieWhite 9 months ago

Well the article is a little misleading in that four exploits were discovered and exploited at this event. It does certainly lead to a misconception that this browser is so incredibly dangerous compared to any and all browsers. However if you aren't using noscript, you aren't using firefox right. Google wanted noscript to come over to chrome, the developer would love to, but the API wasn't ready. This was early versions of chrome single digit version. Up to 33 updates later and the API still isn't where it needs to be for noscript. Noscript does provide some really interesting security features, such as ABE. However it is a bit more advanced than some people would like to deal with, so sadly people are missing out on a feature that really makes firefox still stand out.

eynodon 9 months ago

> "Up to 33 updates later and the API still isn't where it needs to be for noscript"

 

Where did you get this information? This is just plain untrue. See API: http://developer.chrome.com/extensions/webRequest .

 

There are script blockers on Chrome. I would even go as far as saying some are quite more advanced than NoScript, for instance, i.e. https://chrome.google.com/webstore/detail/http-switchboard/mghdpehejfekicfjcdbfofhcmnjhgaag

JefferyPruett 9 months ago

Firefox is great and all but I like Google best :)

CCobeen 9 months ago

I use Opera. The older Opera, before they started using chromiums engine.

NickChristides 9 months ago

But Doesn't Need Plug-Ins for Unreal 4 Engine No Wonder Why on Most wanted list!

Post a Comment
or Register to comment