11 comments

[ 3.3 ms ] story [ 43.1 ms ] thread
Remember the good old days when this sort of thing was unlikely due to the "eyeballs on code" theory?
Mozilla is just a shittier Google now. They purposely make a terrible browser so that the media just drives everyone to Chrome.
Come on.. nothing gets shittier than google
The author doesn't know that Firefox on iOS cannot be affected due to the design of browsers of iOS (they are not allowed to use internal JavaScript or web rendering engines).

That brings into question the rest of the analysis in the article.

They also seem to believe the speed of an exploit is relevant enough to put it in the headline and repeat it several times in th article.
Also, eight seconds sounds like a terrifically long time for it to take effect. That's tens of billions of CPU cycles, billions of arithmetic instructions, millions of disk seeks, a hundred or so page loads, a dozen "knock knock" jokes in call-and-response between London and Sydney. How non-technical does one have to be to think "eight seconds" is fast in computer time?!
To me, 8 seconds implies 'it probably needs loads of heap grooming, and even then is probably only 90% reliable'
Why is the duration important? Or are they saying the hack was developed in 8 seconds?
It's to warn you that the author has no clue about security and you should look for a better source.
The author of this article clearly has no clue what he is talking about, but are there any write-ups, streams or similar from pwn2own participants finding these vulnerabilities?