Firefox and Chrome patched ALREADY after PWN2OWN – now the pressure is on for IE and Microsoft!


That was quick!

Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year’s PWN2OWN competition!

Firefox goes to version 19.0.2, fixing what Mozilla describes as a Use-after-free in HTML Editor.

→ Mac and Linux users of Firefox may be wondering where 19.0.1 went, as they won’t have seen such a version. It was a Windows-only update to deal with some Windows-specific graphics card troubles. There were no security fixes in it.

Chrome goes to version 25.0.1364.160, fixing what Google calls a Type confusion in WebKit.

These updates certainly throw down the gauntlet to Microsoft, whose Internet Explorer 10 browser was also successfully breached in the competition.

Microsoft has already announced – or “pre-announced”, whatever that means – the fixes that are coming in next week’s Patch Tuesday, and for obvious reasons, the vulnerability revealed yesterday is not one of them.

So it’s hard to imagine Microsoft being ready with a fix before next month, let alone by next week.

Redmond, to be fair, has many more products with much more complex inter-relationships to juggle than Mozilla, and even Google.

But since Internet Explorer is supposed to be “just another application” as far as Windows (and certainly the European Union) is concerned, you’d have to think that it’s still within the bounds of possibility for Microsoft to do something before next Tuesday rolls around.

Even if it’s only a temporary Fixit patch, or a consumer-centric patch pushed to non-corporate users only.

For Microsoft to get out an IE patch in time for next week would be a strong technical showing, a great security outcome, and a fantastic marketing manoeuvre.

While we wait for Redmond, let’s congratulate the Mozilla and the Chrome teams on their speedy responses.

And let’s remember, too, that this story shows that the scales aren’t inevitably tipped in the Bad Guys’ favour, as we so often hear people complain.

Word on the street is that the exploits deployed in this year’s PWN2OWN didn’t come easily, taking weeks or even months of dedicated effort to uncover, while the patches, at least for the open-source browser codebases, came really quickly.

It’s nice to know that ever more security really is getting baked into the browser software with which we confront the perils of the internet!