Nils, a 26-year-old hacker who heads up the security research team at U.K.-based MWR InfoSecurity, also planned to attack Apple's Safari browser but after Charlie Miller's victory against that target, he did not get an opportunity.
As per the contest rules, he was not allowed to disclose details about the Firefox vulnerability -- contest sponsor TippingPoint ZDI owns the exclusive rights to that information -- but in a Q&A session with journalists here, Nils said the biggest challenge was navigating the anti-exploit mitigations in Windows 7.
He used several tricks to bypass Address Space Layout Randomization (ALSR) and Data Execution Prevention (DEP) to get his drive-by download to load an executable on the target machine.
ASLR+DEP are held up as significant roadblocks to thwart malware attacks on the newest versions of Windows but, as this contest shows, skilled hackers with enough motivation and resources can bypass those mitigations easily.
Nils said Mozilla can do a better job of opting into ASLR on Windows, a clear hint that implementation errors make it easy to bypass the Windows defenses.