Firefox and Edge have been exploited at Pwn20wn
Mozilla Firefox and Microsoft Edge web browsers were exploited several times at the Pwn20wn hacking contest.
The first target was the Firefox browser on which the Fluoroacetate team has managed to exploit a JIT bug and running code at a system level. After that, they have managed to take over the PC by pointing Firefox to a website running malicious content. For this breaking into the Firefox browser, the Fluoroacetate team consisting of two researchers won a prize of $50.000.
Fluoroacetate team was not the only one who managed to hack Firefox. Niklas Baumstak also managed to exploit a JIT bug combined with a logic bug to escape the browser’s sandbox. Niklas managed to gain full system control using log-in rights. For his effort, Niklas won $40,000.
The second target for the Fluoroacetate team at Pwn20wn was Microsoft Edge. They had to use a very complex way to exploit the Microsoft Edge browser. Using Microsoft Edge on VMWare Workstation client they have accessed their specially crafted web page where they have managed to run malicious code on the underlying hypervisor.
For this exploit and efforts, Cama and Zhu from the Fluoroacetate team have won a prize of $130,000.
Microsoft Edge was also exploited by Arthur Gerkis of Exodus Intelligence. He managed to exploit a double-free bug to escape Microsoft Edge’s sandbox for what he claimed $50,000.