X
Tech

Researchers hack into newest Firefox with zero-day flaw

The exploit was triggered against a use-after-free vulnerability in the open-source browser and successfully evaded DEP and ALSR, two anti-exploit mitigations built into the Windows operating system.
Written by Ryan Naraine, Contributor

Willem Pinckaers and Vincenzo Iozzo

VANCOUVER -- Mozilla's Firefox is the latest browser to fall victim to hackers at this year's Pwn2Own hacker contest.

Two researchers working together -- Willem Pinckaers and Vincenzo Iozzo -- exploited a single zero-day vulnerability in the latest Firefox 10.0.2 (Windows 7 SP1) to cart off a $30,000 cash prize.

The exploit was triggered against a use-after-free vulnerability in the open-source browser and successfully evaded DEP and ALSR, two significant anti-exploit mitigations built into the Windows operating system.

Firefox does not have a sandbox, which made it an easy target at Pwn2Own, which unearthed multiple zero-day flaws in Microsoft's Internet Explorer and the Google Chrome browser.

[ SEE: Teenager hacks Google Chrome with three 0day vulnerabilities [

In an interview after demonstrating the drive-by download attack for Pwn2Own organizers, Pinckers said he was able to convert the use-after-free bug into two separate information-leak conditions to complete the exploit.

"We triggered the same vulnerability three times.  We used it once to leak some information, the used it again to leak addresses of our data.  Then, we used the same vulnerability a third time get code execution."

Pinckaers said it took him a single day to write a reliable exploit after Iozzo gave him the vulnerability.

ALSO SEE:

  • Pwn2Own 2012: Google Chrome browser sandbox first to fall
  • CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
  • Charlie Miller skipping Pwn2Own as new rules change hacking game
  • CanSecWest Pwn2Own hacker challenge gets a $105,000 makeover
  • How Google set a trap for Pwn2Own exploit team
  • Editorial standards