Mozilla engineers released Firefox 52.0.1 to patch a security flaw that came to light last Friday, in the Pwn2Own 2017 hacking contest.
All in all, it took Mozilla engineers only 22 hours from the time the bug was used during the competition, on Friday, March 17, and to when Mozilla published Firefox 52.0.1.
The vulnerability (CVE-2017-5428) was discovered and successfully used by the Chaitin Security Research Lab from Beijing, China, who exploited Firefox with an integer overflow and escalated privileges through an uninitialized buffer in the Windows kernel to get system-level privileges. Researchers won $30,000 for their exploit chain.
View full story
ORIGINAL SOURCE: Bleeping Computer