
Mozilla's Security Team Handles Firefox Zero-Day Exploits at Pwn2Own Berlin 2024
The video documents how Mozilla’s security team handled two Firefox zero-day exploits at Pwn2Own Berlin, a prestigious hacking competition where researchers demonstrate real-world vulnerabilities in fully updated software. The event took place in May 2024. Mozilla’s security team, including Freddy (application security manager) and Christian Holler (principal engineer), prepared for potential exploits as part of a controlled "fire drill" to test their incident response.

Two teams targeted Firefox: Edward Bochin and Taoan from Palo Alto Networks, and Manfred Paul, a repeat competitor known for exploiting all major browsers in prior events. The first team successfully demonstrated their exploit in five seconds on stage, though the preparation took weeks. Mozilla received the details in a disclosure room for analysis and patching within 90 days.

The video highlights how Pwn2Own serves as both a competition and a learning opportunity, providing vendors with well-documented exploits to improve security hardening. Mozilla treats the event as a proactive measure, using insights to refine defenses against future threats. The exploit trade was briefly shown, including a $50,000 sale of a USB stick containing the zero-day code.