Starting with Mozilla Firefox, Richard Zhu and Amat Cama from Fluoroacetate tried to exploit Firefox with a JIT Bug paired with an out-of-bounds write in Windows kernel. By leveraging this method, the researchers were able to run code at a system level. This means they essentially took over the PC by directing Firefox to a website with crafted malicious content. For breaking into Firefox, the pair were handed a prize of $50,000. Cama and Zhu were not the only researchers who defeated Firefox. Niklas Baumstark also used a JIT Bug combined with a logic bug to escape the browser’s sandbox. By doing so, he was able to work and achieve log-in rights and gain full system access. For his efforts, Baumstark was given a $40,000 for his research.
Beating Microsoft Edge
Zhu and Cama also set to work on Microsoft Edge. The team created a very complex way to exploit the browser to win $130,000. “Starting from within a VMWare Workstation client, they opened Microsoft Edge and browsed to their specially crafted web page,” Zero Day Initiative says. “That’s all it took to go from a browser in a virtual machine client to executing code on the underlying hypervisor. They started with a type confusion bug in the Microsoft Edge browser, then used a race condition in the Windows kernel followed by an out-of-bounds write in VMware workstation.” Microsoft Edge was also exploited by Arthur Gerkis of Exodus Intelligence. He used a double-free bug to escape the browser’s sandbox. For his efforts he claimed $50,000.
