{"id":2887,"date":"2024-10-11T05:14:24","date_gmt":"2024-10-11T12:14:24","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2887"},"modified":"2024-10-11T06:24:00","modified_gmt":"2024-10-11T13:24:00","slug":"behind-the-scenes-fixing-an-in-the-wild-firefox-exploit","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/","title":{"rendered":"Behind the Scenes: Fixing an In-the-Wild Firefox Exploit"},"content":{"rendered":"<p>At Mozilla, browser security is a critical mission, and part of that mission involves responding swiftly to new threats. Tuesday, around 8 AM Eastern time, we received a heads-up from the Anti-Virus company ESET, who alerted us to a Firefox exploit that had been spotted in the wild. We want to give a huge thank you to ESET for sharing their findings with us\u2014it\u2019s collaboration like this that keeps the web a safer place for everyone.<\/p>\n<p>We\u2019ve already <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2024-51\/\">released a fix<\/a> for this particular issue, so when Firefox prompts you to upgrade, click that button.  If you don\u2019t know about Session Restore, you can ask Firefox to <a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/restore-previous-session\">restore your previous session<\/a> on restart.  <\/p>\n<p>The sample ESET sent us contained a full exploit chain that allowed remote code execution on a user\u2019s computer. Within an hour of receiving the sample, we had convened a team of security, browser, compiler, and platform engineers to reverse engineer the exploit, force it to trigger its payload, and understand how it worked. <\/p>\n<p>During exploit contests such as pwn2own, we know ahead of time when we will receive an exploit, can convene the team ahead of time, and receive a detailed explanation of the vulnerabilities and exploit.  At pwn2own 2024, we shipped a fix in <a href=\"https:\/\/blog.mozilla.org\/security\/2024\/04\/04\/rapidly-leveling-up-firefox-security\/\">21 hours<\/a>, something that helped us earn <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2024\/8\/1\/introducing-the-vanguard-awards\">an industry award<\/a> for fastest to patch.  This time, with no notice and some heavy reverse engineering required, we were able to ship a fix in <strong>25 hours<\/strong>. (And we\u2019re continually examining the process to help us drive that down further.)<\/p>\n<p>While we take pride in how quickly we respond to these threats, it\u2019s only part of the process. While we have resolved the vulnerability in Firefox, our team will continue to analyze the exploit to find additional hardening measures to make deploying exploits for Firefox harder and rarer.  It\u2019s also important to keep in mind that these kinds of exploits aren\u2019t unique to Firefox. Every browser (and operating system) faces security challenges from time to time. That\u2019s why keeping your software up to date is crucial across the board.<\/p>\n<p>As always, we\u2019ll keep doing what we do best\u2014strengthening Firefox\u2019s security and improving its defenses.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At Mozilla, browser security is a critical mission, and part of that mission involves responding swiftly to new threats. Tuesday, around 8 AM Eastern time, we received a heads-up from &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/\">Read more<\/a><\/p>\n","protected":false},"author":1610,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,69,77],"tags":[],"coauthors":[323226],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Behind the Scenes: Fixing an In-the-Wild Firefox Exploit - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tom Ritter\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/\",\"name\":\"Behind the Scenes: Fixing an In-the-Wild Firefox Exploit - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2024-10-11T12:14:24+00:00\",\"dateModified\":\"2024-10-11T13:24:00+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8050c901fa7de4b8592fbf3883ada431\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Behind the Scenes: Fixing an In-the-Wild Firefox Exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8050c901fa7de4b8592fbf3883ada431\",\"name\":\"Tom Ritter\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/8c665b379ecb0126402892978ad819df\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3751f274d6ee027c0b815855573c73d5?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3751f274d6ee027c0b815855573c73d5?s=96&d=identicon&r=g\",\"caption\":\"Tom Ritter\"},\"sameAs\":[\"https:\/\/ritter.vg\",\"https:\/\/x.com\/tomrittervg\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Behind the Scenes: Fixing an In-the-Wild Firefox Exploit - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/","twitter_misc":{"Written by":"Tom Ritter","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/","url":"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/","name":"Behind the Scenes: Fixing an In-the-Wild Firefox Exploit - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2024-10-11T12:14:24+00:00","dateModified":"2024-10-11T13:24:00+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8050c901fa7de4b8592fbf3883ada431"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2024\/10\/11\/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Behind the Scenes: Fixing an In-the-Wild Firefox Exploit"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8050c901fa7de4b8592fbf3883ada431","name":"Tom Ritter","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/8c665b379ecb0126402892978ad819df","url":"https:\/\/secure.gravatar.com\/avatar\/3751f274d6ee027c0b815855573c73d5?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3751f274d6ee027c0b815855573c73d5?s=96&d=identicon&r=g","caption":"Tom Ritter"},"sameAs":["https:\/\/ritter.vg","https:\/\/x.com\/tomrittervg"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2887"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1610"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2887"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2887\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2887"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}