Jump to content

Mozilla Firefox and Microsoft Edge Hacked at Pwn2Own


The AchieVer

Recommended Posts

The AchieVer

Mozilla Firefox and Microsoft Edge Hacked at Pwn2Own 

Mozilla Firefox and Microsoft Edge were both hacked in the second day of the Pwn2Own hacking contest, and in the case of the Windows 10 browser, researchers came up with a super-complex and clever approach to escape a virtual machine and get inside the host.

Mozilla Firefox and Microsoft Edge were both hacked in the second day of the Pwn2Own hacking contest, and in the case of the Windows 10 browser, researchers came up with a super-complex and clever approach to escape a virtual machine and get inside the host.

Amat Cama and Richard Zhu of Fluoroacetate were the first to attempt to break into Mozilla Firefoxusing a JIT Bug and an out-of-bounds write in the Windows kernel.

This technique allowed to run code at system level, technically taking over the machine completely after pointing Firefox to a crafted website. The two were received a price of $50,000.

Mozilla’s browser was also hacked by Niklas Baumstark, who escaped the sandbox with a mix of a JIT bug and a logic bug. The researcher eventually obtained the same rights as the logged-in user, which could obviously provide full control of the host in the case of an administrator account. Baumstark received $40,000 for his exploit.Microsoft Edge exploitsFluoroacetate also hacked Microsoft Edge with a more complex attack that earned them $130,000.

“Starting from within a VMWareWorkstation client, they opened Microsoft Edge and browsed to their specially crafted web page,” Zero Day Initiative explains.

“That’s all it took to go from a browser in a virtual machine client to executing code on the underlying hypervisor. They started with a type confusion bug in the Microsoft Edge browser, then used a race condition in the Windows kernel followed by an out-of-bounds write in VMware workstation.”

Arthur Gerkis of Exodus Intelligence also managed to exploit Microsoft Edge with a double free bug in the renderer mixed with a logic bug to escape the sandbox. His successful attack against the Windows 10 browser brought him $50,000.

The vulnerabilities that the researchers used to break into the two browsers have been reported to Mozilla and Microsoft and they should be patched in the coming updates.
 
 
 
 
Link to comment
Share on other sites


  • Replies 1
  • Views 518
  • Created
  • Last Reply
Quote

They started with a type confusion bug in the Microsoft Edge browser, then used a race condition in the Windows kernel followed by an out-of-bounds write in VMware workstation.

 

Well, there goes my plans to upgrade to Windows 10...

 

 

 

 

 

 

(not really, just kidding)

 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...