Monday, 17 March 2014 16:02

FireFox Gets Beaten up at Pwn2Own with Four Zero-Day Exploits

Written by

Reading time is around minutes.

In the browser wars there is always going to be the argument over which browser is “better”. You will hear people talk about how fast, secure, cool, feature rich their favorite browser is, but in the end all of them really fall short of where they should be. Oddly enough it is Microsoft’s Internet Explorer that gets the brunt of the jokes and jabs (in many cases rightly so). However at this year’s Pwn2Own it was Mozilla’s FireFox that got tossed around like a rag doll.

 

The Pwn2Own event is an annual event that pits security researchers against current software security (basic application security). During the event “contestants” use various exploits to try and execute arbitrary code on a system. Although there are many different events the one we are concerned with for this article is the browser hacks. Here the target is still a system, but the vector needs to be through the browser in some format. As we mentioned above Mozilla’s FireFox, often hailed as being the most secure browser, was hit by a total of four different exploits that allows execution of arbitrary code on the target system. This made it the browser with the most working zero-day exploits.

One of the problems with Firefox is that there is still no real Sandbox to prevent malicious code from exiting the browser and getting into the OS. This does not mean that having a sandbox will protect you though, Safari, Chrome and even IE have them and they were hacked as well. Just recently Microsoft’s own mitigation tools were “P0wned” when a security research firm used existing DLLs to get around… well all of them.

It is pretty sad for Mozilla to get taken like this (four separate Zero-Day exploits is a lot) considering they have campaigned as the “better” alternative to Internet Explorer for so long. Still all of the exploits used were handed over to Mozilla so they can fix them. Perhaps we will see an improved browser from them in the near term with better security. This would be the best thing for all, but it is still important to remember that there is no such thing as a secure web browser, ALL of them can and have been hacked and exploited.

Tell us what you think in our Forum

 

Read 2436 times Last modified on Monday, 17 March 2014 16:02

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.