Researchers hack into newest Firefox with zero-day flaw

Summary: The exploit was triggered against a use-after-free vulnerability in the open-source browser and successfully evaded DEP and ASLR, two anti-exploit mitigations built into the Windows operating system.

Willem Pinckaers and Vincenzo Iozzo

VANCOUVER -- Mozilla's Firefox is the latest browser to fall victim to hackers at this year's Pwn2Own hacker contest.

Two researchers working together -- Willem Pinckaers and Vincenzo Iozzo -- exploited a single zero-day vulnerability in the latest Firefox 10.0.2 (Windows 7 SP1) to cart off a $30,000 cash prize.


The exploit was triggered against a use-after-free vulnerability in the open-source browser and successfully evaded DEP and ASLR, two significant anti-exploit mitigations built into the Windows operating system.

Firefox does not have a sandbox, which made it an easy target at Pwn2Own. The contest also unearthed multiple zero-day flaws in Microsoft's Internet Explorer and the Google Chrome browser.

[ SEE: Teenager hacks Google Chrome with three 0day vulnerabilities ]

In an interview after demonstrating the drive-by download attack for Pwn2Own organizers, Pinckaers said he was able to convert the use-after-free bug into two separate information-leak conditions to complete the exploit.

"We triggered the same vulnerability three times. We used it once to leak some information, then used it again to leak addresses of our data. Then, we used the same vulnerability a third time to get code execution."

Pinckaers said it took him a single day to write a reliable exploit after Iozzo gave him the vulnerability.

ALSO SEE:

  • Pwn2Own 2012: Google Chrome browser sandbox first to fall
  • CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
  • Charlie Miller skipping Pwn2Own as new rules change hacking game
  • CanSecWest Pwn2Own hacker challenge gets a $105,000 makeover
  • How Google set a trap for Pwn2Own exploit team

    About

    Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
