Mozilla Patches Firefox 28 Pwn2Own Flaws, Adds Gamepad API Support
Mozilla patches zero-day flaws less than a week after they're first reported and adds new capabilities to the open-source Web browser.Mozilla is out today with its latest Firefox Web browser release, fixing security vulnerabilities and providing new capabilities to end users and developers. Firefox 28 patches all four zero-day vulnerabilities that were disclosed during the Hewlett-Packard Pwn2Own event last week. HP awarded security researchers $50,000 each, for a total of $200,000, for the four zero-days that are now patched in Firefox 28. Johnathan Nightingale, vice president of Firefox at Mozilla, told eWEEK that Mozilla implemented all of the fixes over the weekend so they could be included in today's Firefox 28 release. Although the four zero-day flaws were first reported on March 19 and March 20, they were not being exploited in the wild. HP has a responsible disclosure process for Pwn2Own vulnerabilities and has not publicly disclosed the flaws. From a features perspective, the Firefox 28 update had been anticipated to include Mozilla's first real attempt at a native Windows Modern UI (formerly known as Metro) interface. Nightingale decided to terminate the Firefox for Metro effort last week after coming to the conclusion that Mozilla's resources would be better utilized elsewhere. While Firefox 28 does not have a Metro interface, it is still available as a normal Windows application, as an alternative to Microsoft's Internet Explorer Web browser. IE was also targeted by security researchers at the Pwn2Own event, though Microsoft has yet to patch its browser for the reported zero-day flaws.