This shouldn't come as a complete shock to anyone who's been around the online block a time or two, but no web browser is 100 percent secure. That much was once again proven at the annual Pwn2Own
hacking event held at the CanSecWest security conference. By the second day of the event, every major browser had fallen -- Firefox
(Google), Internet Explorer
(Microsoft), and Safari
(Apple). Not all browsers are created equal, however, and out of the bunch, Firefox had the unwanted distinction of being the most exploited.
Security researchers participating in the event were able to exploit vulnerabilities in Firefox three separate times on the first day of the event, plus one more time on the second day. That brought the tally to four, which is more than any of the other browsers. The good news for Firefox fans is that Mozilla is typically quick to patch zero-day exploits in Firefox, which is on a rapid release schedule.
Security researcher Mariusz Mlynski demonstrating exploit on Mozilla Firefox. Source: Pwn2Own
"We are working quickly to address each of these bugs and expect to deliver fixes next week," Sid Stamm, senior engineering manager of security and privacy at Mozilla, told eWEEK
Stamm also said that the risk of Firefox users being compromised from any of the four zero-day bugs within the next couple of days is pretty low, so there's no need to hit the panic button. As to why Firefox was exploited more than the other browsers during the event, Stamm believes it comes down to money. Even though Firefox has a bug bounty program of its own, Pwn2Own pays larges sums of money -- each Firefox flaw was worth $50,000 -- which may have prompted security researchers to hold off on sharing previously discovered exploits until the event.