Mozilla Patches Firefox Bug from Pwn2Own Hacker Contest
Mozilla patches a Firefox vulnerability exploited at the CanSecWest Pwn2Own contest in March. Among Firefox, Internet Explorer, Apple Safari and Google Chrome, only Google's browser emerged from the contest unscathed.Mozilla has patched the Firefox flaw exploited during the Pwn2Own contest at the CanSecWest security conference, held March 24 to 26. The bug was discovered and exploited by a researcher from MWR InfoSecurity going by the hacker alias "Nils." According to Mozilla, the vulnerability was a memory corruption flaw. "By moving DOM nodes between documents, Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object," allowing the possibility of code execution by an attacker, Mozilla said.
The vulnerability only affected Firefox 3.6 and not earlier versions of the browser, according to Mozilla. It is fixed in Firefox 3.6.3.