This week the Pwn2Own competition took place as part of the CanSecWest security conference. The Pwn2Own competition provides cash rewards for individuals that are able to demonstrate a security vulnerability in browsers or the browser plugins Flash and Java.
Researchers successfully demonstrated new security vulnerabilities in all three browsers tested – Firefox, Chrome and IE. At the conclusion of the event we received technical details about the exploit so we could issue a fix.
We received the technical details on Wednesday evening and within less than 24 hours diagnosed the issue, built a patch, validated the fix and the resulting builds, and deployed the patch to users. Our fast turn around time on this security issue is a reflection of the priority and focus we place on security. Security is more than a side item for us, it’s part of our core principles.
We encourage community research within security and started the first major bug bounty program in 2004 for Firefox. Since then we’ve worked closely with experts around the world to help grow and mature security research. All security research and corresponding discoveries are used to proactively protect Firefox users as part of our larger security assurance program.