
Mozilla Firefox browser hacked in 8 seconds

May 23 — Last week, Tesla was hacked. This week, Mozilla Firefox.

Firefox vulnerabilities

In 8 seconds, at the PWN2OWN event in Vancouver, talented cyber security hacker Manfred Paul managed to identify a double Firefox exploit. The event came to an end on Friday, May 20th.

Paul’s Mozilla Firefox findings earned him $100,000 in a bounty prize. Later in the day, Paul managed to win another $50,000 for a successful exploit within the Apple Safari browser.

Firefox technical details

Although the full technical details have yet to be released, both vulnerabilities were rated as having ‘critical’ impact. Read on to see descriptions of the vulnerabilities:

  • CVE-2022-1802: This is a prototype pollution “in Top-Level Await implementation” that could allow a hacker who had previously corrupted an Array object in JavaScript to execute code in a privileged context.
  • CVE-2022-1529: This is an “untrusted input used in JavaScript object indexing” that could lead to prototype pollution and that could enable a hacker to send a message “to the parent process where the contents were used to double-index into a JavaScript object.” In turn, this resulted in the prototype pollution as explained in the first exploit example.
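The general bug class named in both descriptions, as an added illustration (this is not Firefox source code and not taken from the advisories): a generic handler that double-indexes into an object with untrusted keys, beside a hardened version. The function names, message fields and sample message are hypothetical and constructed for this example.

```javascript
// Constructed illustration of the bug class; NOT Firefox code.
// All names (unsafeStore, safeStore, makeTable, msg.group, msg.key) are hypothetical.

// Unsafe pattern: both index keys come straight from an untrusted message.
// If msg.group is "__proto__", table[msg.group] resolves to Object.prototype,
// so the second index writes a property that every plain object inherits.
function unsafeStore(table, msg) {
  table[msg.group][msg.key] = msg.value;
}

// Hardened pattern: null-prototype storage, a deny-list for special keys,
// and an own-property check before following the first index.
const FORBIDDEN = new Set(["__proto__", "prototype", "constructor"]);

function makeTable(groups) {
  const table = Object.create(null);
  for (const g of groups) table[g] = Object.create(null);
  return table;
}

function safeStore(table, msg) {
  for (const k of [msg.group, msg.key]) {
    if (typeof k !== "string" || FORBIDDEN.has(k)) return false;
  }
  if (!Object.prototype.hasOwnProperty.call(table, msg.group)) return false;
  table[msg.group][msg.key] = msg.value;
  return true;
}

// Feeds the same constructed message to both handlers and reports what an
// unrelated, freshly created object sees afterwards.
function demo() {
  const msg = { group: "__proto__", key: "polluted", value: true }; // constructed sample
  unsafeStore({ settings: {} }, msg);
  const afterUnsafe = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the pollution before the next check

  const accepted = safeStore(makeTable(["settings"]), msg);
  const afterSafe = ({}).polluted === true;
  return { afterUnsafe, accepted, afterSafe };
}
```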

Firefox user information

For the majority of users, there’s not much to do in relation to these bugs. Upon receiving the bug information, the Mozilla Foundation quickly took action, and released an emergency update for Firefox, effectively patching the flaw.

Firefox will automatically update by default, unless users keep the browser running without restarts or have disabled automatic updates. In such cases, individuals are encouraged to download, install and restart devices as needed.

For further information, please visit Forbes.