Mozilla has released an interim patch for a serious vulnerability in Firefox 52 that can be used to take over a computer. The vulnerability was found last Thursday during the Pwn2Own contest and reported to Mozilla. During the annual hacking contest, researchers also found vulnerabilities in Edge and Safari. Only Google Chrome came out of the competition unscathed.
The Firefox developers do a good job, but despite all the tests, a release can still turn out to have a problem. This is the case with the long-planned Firefox 52.
The vulnerability in Mozilla Firefox was serious. Normally, a serious vulnerability makes it possible to take over a computer; visiting a malicious website, for example, is enough. In this case the vulnerable component was in the content sandbox and there was a second vulnerability that was able to take over a computer, according to Mozilla.
According to the description of the attack by Trend Micro, the security company that organized the competition, the researchers used an integer overflow to compromise Firefox and an uninitialized buffer in the Windows kernel to increase their user rights. The update to Firefox 52.0.1 will occur automatically on most systems, but it can also be done manually via Mozilla.org.
The release notes for Firefox 52.0.1 reveal the main reason for the update: a small programming error that in certain cases can lead to an arithmetic overflow, which can in turn make the entire system vulnerable to attackers. Mozilla itself classified this bug as critical, so a patch update to the latest version has been released.