LinuxQuestions.org


PACMANchasingme 11-28-2016 08:51 AM

Firefox not featured in Security contest (Pwn2Own) what's your opinion?
 
http://venturebeat.com/2016/03/18/pw...rded-in-total/

The sponsors said that it's not worth paying hackers to find vulnerabilities in Firefox because it's too easy. They focused instead on the other browsers at this event.

I always knew Chrome was more bleeding edge in security but the anarchist in me hates Google's telemetry spying. There is ungoogle-chromium for Debian and Inox patches for Arch.

Replacing Chrome with another code blob off some GitHub page seems even more stupid though. :scratch:

Ratamahatta 11-28-2016 05:09 PM

They mentioned that all that was done on Windows/OSX. I suppose there's no fun trying that on a Linux box. (Even if you got down to the system you wouldn't get root access).
I assume that both Microsoft and Apple put quite some money into hardening their system's browsers as they may have a reputation to lose. (Well, Microsoft not that much, really. ;))

jefro 11-28-2016 05:20 PM

As with most hacks, a combination of program and OS-level tricks is being used with ease. This has been an annual event and never seems to improve the users' security. Just ends up being a new hole next year for profit.

I have only said that you have no reasonable expectation that your data will be secure when connected to the internet.

ntubski 11-28-2016 08:43 PM

Quote:

Originally Posted by Ratamahatta (Post 5635587)
I suppose there's no fun trying that on a Linux box. (Even if you got down to the system you wouldn't get root access).

It's not like Linux has never had privilege escalation exploits.

Ratamahatta 11-29-2016 02:23 PM

Quote:

Originally Posted by ntubski (Post 5635679)
It's not like Linux has never had privilege escalation exploits.

No. But not as much as others by far. (See that recent thread on LQ by the way.)

c0wb0y 11-29-2016 07:07 PM

Web-based exploits these days have little regard for the host OS. Sometimes if you take security too seriously, you would not want to use a computer and connect to the 'net.

notKlaatu 11-29-2016 07:50 PM

Quote:

Originally Posted by PACMANchasingme (Post 5635375)
http://venturebeat.com/2016/03/18/pw...rded-in-total/

The sponsors said that it's not worth paying hackers to find vulnerabilities in Firefox because it's too easy.

Where do they say that? I read the venturebeat article you linked to and I find no mention. I'd be curious to see the statement in context, and to know who said it.

PACMANchasingme 11-30-2016 11:56 AM

Quote:

Originally Posted by notKlaatu (Post 5636021)
Where do they say that? I read the venturebeat article you linked to and I find no mention. I'd be curious to see the statement in context, and to know who said it.

https://it.slashdot.org/story/16/02/...e-its-too-easy

notKlaatu 11-30-2016 12:17 PM

Quote:

Originally Posted by PACMANchasingme (Post 5636329)

Thanks.

I'm with this guy; look at the CVE stats.

It seems odd that Firefox was excluded; people do use Firefox, so why not put it to the same test as the other major browsers? If they truly believe that it's "too easy" (which is not, by the way, what Pwn2Own said; the quote that I could find states "We wanted to focus on the browsers that have made serious security improvements in the last year" [Gorenc], which is NOT saying "Firefox is too easy") then don't award a grand prize for pwning it; make it a requirement that you first pwn Firefox before you can start your attacks on the "better" ones.

Obviously, the event is a competitive event, not a scientific study.

Also, the internet is reporting about this as badly as the internet reports on everything else. Muddled, poorly cited, poorly quoted, no context. But I digress.

dave@burn-it.co.uk 12-02-2016 08:14 AM

Perhaps they were afraid that even being "easy" Firefox might still beat the others in some tests??

smallpond 12-02-2016 09:06 AM

More likely the money is coming from the companies who have lots, and Mozilla isn't one of them.

