First vendor to fix a vulnerability revealed at last week's hacking contest Credit: Magdalena Petrova/IDG Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.“Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,” tweeted the Zero Day Initiative (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.The vulnerability was rated “Critical” by Mozilla in an accompanying description. As usual, the company masked the technical details of the bug to outsiders. Chaitin was just one of several Chinese security teams that participated in Pwn2Own, again held at the annual CanSecWest conference in Vancouver, B.C., Canada. The group took third place among the participants, and won a total of $90,000 in prize money.Firefox was not the only browser to fall at Pwn2Own. Apple’s Safari was hacked four times at the contest, and Microsoft’s Edge was exploited five times during the three-day event. Google’s Chrome, however, came away unscathed. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe