Mozilla has published Firefox browser upgrades to address two zero-day vulnerabilities discovered at the Pwn2Own Vancouver 2024 hacking contest last week.
The vulnerabilities, found by security researcher Manfred Paul, were linked together to bypass the browser’s sandbox and execute code on the system. The first vulnerability, identified as CVE-2024-29943, is defined as an out-of-bounds access problem that allows for the bypass of range analysis. “An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination,” according to an alert issued by Mozilla.
The second vulnerability, CVE-2024-29944, is a privileged JavaScript execution issue in event handlers that might lead to a sandbox escape.
Read More: Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.