Firefox too insecure for Pwn2Own


  • Impossible Mission Players - A

    @The Article said:

    One change in the 2016 event is that the Mozilla Firefox Web browser is no longer part of the contest.

    "We wanted to focus on the browsers that have made serious security improvements in the last year," Gorenc said.

    When asked about extending the contest to popular forum software such as Discourse, organizers broke out in such hysterical laughter that emergency medical services were called. </sarc>



  • http://www.extremetech.com/computing/178587-firefox-is-still-the-least-secure-web-browser-falls-to-four-zero-day-exploits-at-pwn2own (March '14):

    At Pwn2Own 2014, an annual computer hackfest in Vancouver, Mozilla’s Firefox has proven yet again that it’s the least secure major web browser. While all four major web browsers — Chrome, Internet Explorer, Firefox, and Safari — were successfully exploited, for a grand total of $850,000 in prize money awarded to successful security researchers, Firefox was by far the least secure browser, racking up no less than four zero-day vulnerabilities. These vulnerabilities, if they were in the wild, would allow a hacker to do just about anything with your computer if you visited a specially crafted website.

    http://www.zdnet.com/article/pwn2own-2015-the-year-every-browser-went-down/ (March '15)

    Then it was Firefox's turn to get hammered. Mariusz Mlynski used a cross-origin vulnerability followed by privilege escalation within the browser, to crack it in just over half-a-second. From there, he used a logical flaw to escalate to a Windows system administrator security level.



  • @PJH said:

    From there, he used a logical flaw to escalate to a Windows system administrator security level.

    From hacking a browser to system administrator security level. Windows must be the most secure OS ever written :rolleyes:


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.