Mozilla Fixes 2 Critical Firefox Vulnerabilities Exploited at Pwn2Own

25/03/2024
By Laura Libeer

Mozilla released security updates for Firefox and Firefox ESR in response to 2 critical zero-day vulnerabilities. The vulnerabilities were exploited during the Pwn2Own Vancouver 2024 hacking competition and can lead to remote code execution. This could in turn compromise sensitive data and systems. We have added a new report to Lansweeper to help you locate vulnerable devices.

Firefox Vulnerabilities CVE-2024-29943 and CVE-2024-29944

The vulnerabilities tracked as CVE-2024-29943 and CVE-2024-29944 have both received a critical rating in Mozilla’s advisory. CVE-2024-29943 would allow an attacker to “perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination”. CVE-2024-29944 is a privileged JavaScript execution via event handlers. When successfully exploited, these issues can lead to remote code execution. You can find more details in Mozilla’s advisory.

Update Vulnerable Firefox Instances

The vulnerabilities were successfully exploited at the Pwn2Own hacking competition in Vancouver. Mozilla patched both flaws just 1 day later in Firefox version 124.0.1 and Firefox ESR 15.9.1. The Zero Day Initiative usually allows vendors 90 days to push fixes before it publicly discloses the vulnerabilities. However, it is still advisable to update your Firefox installations as soon as possible.

Discover Vulnerable Firefox and Firefox ESR Installs

We have added a new report to Lansweeper to help you find any vulnerable Firefox installations. This will give you an actionable list of devices that are still running older versions of Firefox or Firefox ESR so you can update them accordingly. You can get the report via the links below.

Mozilla Firefox Vulnerability Audit Report