by kingkilr 2314 days ago
(Former Firefox Security Engineer)

I suspect it's because Firefox exploits have looked the same for the last several years -- there has not been a lot of novelty required to implement an exploit, given an arbitrary read/write primitive.

P0 does report vulnerabilities to Firefox though, and they obviously get fixed; they're just not particularly interesting to exploit.

2 comments

> I suspect it's because Firefox exploits have looked the same for the last several years -- there has not been a lot of novelty required to implement an exploit, given an arbitrary read/write primitive.

Surely other browsers do not differ from this significantly?

An arbitrary write primitive in the Chrome render process hasn't been game over for quite some time.
I mean, is it on Firefox?
Until a year ago(?), yes.
Perhaps that'll change once Project Fission lands in the stable release.