|

Firefox finds 20 year old bug and patches 14 months of fixes in 30 days using Anthropic’s Mythos AI

A graph showing the volume of Firefox security bug fixes shipped by month, trending in the 20-30 range throughout each month in 2025, with a spike to 60-70 in February and March 2026, up to 423 in April 2026

Mozilla’s newest Firefox safety replace offers a uncommon glimpse into what occurs when frontier AI capabilities attain defenders earlier than attackers. The firm mentioned it fastened 423 Firefox safety bugs in April after having access to Claude Mythos Preview, in contrast with roughly 420 fixes over the earlier 14 months.

That compression is the sign.

The defensive facet did in one month what had beforehand taken greater than a year, then disclosed a pattern of the bugs to indicate the depth of latent threat nonetheless current inside a mature, closely examined browser codebase.

The strongest anchor is age.

One of the disclosed bugs, Bug 2025977, was a 20-year-old XSLT reentrancy challenge in which key() calls might set off a hash desk rehash, free backing storage, and depart a uncooked entry pointer in use. Another, Bug 2024437, concerned a 15-year-old flaw in the HTML <legend> factor.

These are precisely the sorts of long-buried defects that may survive odd testing, fuzzing, and guide evaluate as a result of they sit inside obscure edge instances, older subsystems, or advanced interactions throughout distant components of the browser.

Mozilla mentioned Claude Mythos Preview helped establish and repair 271 bugs in the Firefox 150 release, with further fixes shipped in 149.0.2, 150.0.1, and 150.0.2. Of these 271 Firefox 150 bugs, 180 have been rated sec-high, 80 have been sec-moderate, and 11 have been sec-low.

(*20*)A graph showing the volume of Firefox security bug fixes shipped by month, trending in the 20-30 range throughout each month in 2025, with a spike to 60-70 in February and March 2026, up to 423 in April 2026

A graph exhibiting the amount of Firefox safety bug fixes shipped by month, trending in the 20-30 vary all through every month in 2025, with a spike to 60-70 in February and March 2026, as much as 423 in April 2026

Mozilla’s security severity framework assigns sec-high to vulnerabilities that may be triggered by regular consumer conduct, resembling visiting an internet web page. That locations the findings in a critical operational class, even the place Mozilla had constructed no full proof of real-world weaponization.

The 20-year bug exhibits how lengthy exploitable-looking flaws can survive

Firefox is an old, high-value, closely scrutinized browser. Its code has been examined by inside groups, exterior researchers, fuzzers, bug bounty hunters, and attackers for years.

That makes the April surge extra necessary as a result of the vulnerabilities surfaced inside a venture with mature safety engineering quite than inside a evenly reviewed codebase. Mozilla mentioned AI-generated safety reviews to open-source tasks had beforehand carried a high noise burden for maintainers.

Reports might look believable whereas nonetheless being mistaken, and the asymmetry was apparent: producing claims was low cost, whereas validating them consumed skilled engineering time.

The dynamic shifted as fashions improved and Mozilla constructed a harness round them. The firm described a pipeline that might steer fashions towards particular code areas, generate reproducible check instances, filter noise, deduplicate findings, triage severity, and transfer confirmed bugs into the safety lifecycle.

That surrounding system is central to the outcome.

The mannequin offered discovery energy, whereas the harness turned that energy into confirmed reviews and patches.

The disclosed pattern in Mozilla’s technical write-up included a WebAssembly GC bug that might create a fake-object primitive with potential arbitrary learn or write, IPC race circumstances affecting parent-process reference counts, uncooked NaN deserialization throughout an IPC boundary, parent-process stack reminiscence leakage throughout DNS parsing, use-after-free flaws, and sandbox escape candidates.

These are safety primitives that attackers worth as a result of they’ll develop into components of exploit chains. A reminiscence corruption bug can develop into a foothold.

An data leak can enhance reliability. A sandbox escape can broaden management from a constrained course of right into a privileged one.

The 20-year-old XSLT challenge sharpens the implication.

A bug can persist throughout a number of generations of browser structure, testing practices, and safety staffing. Longevity doesn’t routinely create exploitability, nevertheless it does create time for discovery and refinement by anybody succesful of discovering it.

A hostile actor with Mythos-level tooling earlier than Mozilla’s April patch run would have had a bigger search floor, a greater option to generate proof-of-concept exploits, and a stronger likelihood of discovering old flaws that had escaped earlier strategies.

Mozilla additionally emphasised that a number of bugs have been sandbox escapes. That class requires precision.

A sandbox escape often assumes {that a} content material course of has already been compromised, then makes use of one other vulnerability to succeed in a extra privileged course of. In browser exploitation, it is a crucial layer.

A primary-stage bug can place attacker-controlled code inside a constrained rendering course of. A second-stage sandbox escape can transfer execution towards the browser’s dad or mum course of, the place the attacker has much more leverage.

From there, the attacker could attempt to entry browser-mediated information, manipulate internet periods, observe delicate exercise, or pivot into further device-level exploitation relying on operating-system defenses, permissions, and chain reliability.

The worst case is attacker-first entry to Mythos-level discovery

The central threat is entry sequencing.

Mozilla found a Mythos-level vulnerability earlier than a hostile actor used the identical class of model-assisted pipeline towards Firefox at scale. Reverse that order, and the safety image adjustments.

An organization dealing with attackers with earlier entry to those methods could be defending towards a quicker search course of, a deeper exploit stock, and a bigger pool of chainable primitives. The sharp threat is {that a} subtle actor can use model-driven auditing to find entry bugs, data leaks, sandbox escapes, and reliability aids throughout the identical goal earlier than maintainers can establish, triage, patch, check, and ship fixes.

A practical high-end assault chain would use a number of items.

The first piece is a set off that may be reached via odd searching. Mozilla’s personal severity framework says sec-high bugs may be triggered by regular consumer conduct, together with visiting a web page.

The attacker then wants a primitive that offers code execution or reminiscence corruption inside a sandboxed content material course of. A JIT, WebAssembly, format, DOM, or parsing bug can serve that position if it may be made dependable.

The subsequent piece is a leak or sort confusion that helps defeat address-space format randomization or improves reminiscence shaping. The third piece is a sandbox escape, resembling a parent-process race, IPC boundary confusion, or privileged decoding path.

The last layer is post-exploitation code that turns browser management into helpful entry.

That finish state is extreme.

A profitable full-chain browser compromise can expose regardless of the browser can see or mediate. For odd customers, that may embrace energetic internet periods, delicate web page content material, credentials entered into websites, browser-accessible information uncovered via permissions, and the flexibility to control pages in ways in which alter what a sufferer sees.

For crypto customers, the chance profile is sharper.

Browsers sit between customers and exchanges, wallets, bridges, portfolio instruments, token approvals, custody dashboards, and inside admin panels. A browser-level compromise towards a focused crypto consumer might try and hijack periods, alter transaction particulars earlier than signing, inject malicious pockets prompts, seize credentials throughout entry, or use the browser as a foothold for deeper compromise towards a buying and selling desk, developer machine, journalist, or alternate worker.

The most harmful model is focused quite than mass-market.

A nation-state, ransomware affiliate, or financially motivated group would doubtless keep away from noisy broad exploitation at first. It might compromise web sites more likely to be visited by a slender goal set, ship tailor-made hyperlinks, or use a watering-hole marketing campaign towards builders, crypto executives, validators, researchers, infrastructure operators, or newsroom employees.

The sufferer solely must browse to the mistaken web page if the chain is dependable sufficient and the goal’s Firefox construct stays susceptible. Mozilla notes that many sandbox escapes require an already-compromised content material course of, which defines the attacker’s meeting downside.

Mythos-level functionality helps seek for precisely these lacking chain hyperlinks.

The attacker’s benefit comes from scale and optionality.

Traditional exploit analysis requires scarce experience, deep goal data, and time. Model-assisted safety harnesses can cut back the search value.

They can examine extra information, check extra hypotheses, and generate extra reproducible instances than a small human staff alone. A complicated human nonetheless has to information, validate, and weaponize the outcomes.

The mannequin compresses the invention part and expands the menu of candidate bugs. For defenders, patch velocity turns into a strategic constraint.

For attackers, the prize is a interval in which their discovery curve strikes quicker than the corporate’s remediation curve.

Crypto customers sit near the blast radius of browser compromise

For the crypto trade, browser safety is an upstream threat.

Wallets, exchanges, bridges, analytics dashboards, custody portals, governance instruments, and inside admin panels all depend upon the browser as a belief boundary. A safe signing circulate may be weakened by a compromised browser atmosphere.

A protected alternate account may be uncovered via a hijacked session or a manipulated interface. A newsroom, developer staff, or fund may be focused via odd internet exercise and then pressured via credential theft, session abuse, or transaction manipulation.

A hostile actor with early entry to Mythos-level functionality would achieve a bonus in the reconnaissance part.

The attacker might direct the system towards browser subsystems that work together with internet content material, serialization, media parsing, graphics, IPC, DNS, picture decoding, permissions, or privileged course of boundaries. Each confirmed defect would develop into a candidate constructing block.

Some candidates would fail. Others would require uncommon sufferer conduct.

A smaller set might develop into operational when paired with different bugs. That funnel is sufficient to create critical threat when the goal inhabitants contains high-value wallets, alternate operators, infrastructure engineers, or journalists overlaying delicate markets.

The hazard additionally extends to supply-chain and operational workflows.

Crypto groups usually depend on browser-based admin consoles for cloud suppliers, analytics providers, buyer help methods, alternate dashboards, {hardware} pockets interfaces, treasury tooling, and communications platforms. A browser-level exploit towards a single privileged worker might place the attacker inside methods that have been by no means instantly susceptible.

In that state of affairs, the browser turns into the bridge between public internet content material and non-public operational entry.

Mozilla’s April patch surge ought to due to this fact be handled as an early warning for the broader software program stack.

The firm had the mannequin, the harness, and the engineering capability to transform findings into fixes. Many firms have solely half of that system.

Some don’t have any comparable pipeline in any respect. If attackers obtain equal discovery functionality first, the hole between latent bugs and operational exploitation can shrink.

The defensive facet then faces compressed timelines throughout validation, patching, regression testing, disclosure, and consumer updates.

Mozilla’s personal FAQ provides an necessary boundary.

A sec-high or sec-critical bug is just not routinely equal to a sensible exploit. In many instances, a single bug is inadequate for full Firefox compromise as a result of the browser has a defense-in-depth structure, sandboxing, site-specific processes, and operating-system mitigations resembling ASLR.

Mozilla additionally mentioned it usually doesn’t construct exploits to find out whether or not every bug might be utilized by an attacker in the true world. It classifies high-severity points primarily based on harmful signs resembling use-after-free or out-of-bounds reminiscence conduct and assumes that any such challenge could also be exploitable with sufficient effort.

That conservative posture is acceptable as a result of false negatives in exploitability evaluation are expensive.

Defenders want model-assisted auditing earlier than attackers industrialize it

Mozilla’s work factors towards a brand new safety threshold for main software program tasks.

Access to superior fashions is just one layer. The group additionally wants a system that turns findings into shipped fixes with out collapsing below quantity.

The firm described the operational burden clearly: each bug required care, consideration, evaluate, testing, and launch administration. More than 100 individuals contributed code to the hardening effort, alongside engineers engaged on triage, scaling, testing, and releases.

The mannequin elevated discovery throughput, and the group needed to take in the ensuing patch load.

The similar dynamic applies past browsers.

Any firm with a big codebase, a posh permission mannequin, or an uncovered parsing floor faces a discovery atmosphere that may change rapidly when a extra succesful mannequin turns into obtainable. Exchanges, pockets suppliers, custody platforms, cost processors, identification methods, cloud providers, and developer tooling firms all share the identical structural downside.

Attackers can level fashions at old code, low-traffic modules, awkward boundary layers, serialization codecs, plugin methods, parsers, and privilege transitions. Those are the locations the place old assumptions accumulate and the place exploit-chain parts usually sit.

Mozilla’s instance additionally exhibits why prior hardening investments can repay below mannequin stress.

The firm mentioned its fashions tried sandbox escapes by way of prototype air pollution in the privileged dad or mum course of, however these makes an attempt have been blocked by an earlier architectural change that froze prototypes by default. AI-assisted discovery will increase stress on weak seams.

Strong defaults, privilege separation, sandboxing, reminiscence security, fuzzing, and exploit mitigations can power attackers into longer chains. Longer chains improve value and failure factors.

When frontier fashions make vulnerability discovery cheaper, architectural defenses develop into extra worthwhile as a result of they flip remoted bugs into incomplete assaults.

The coverage debate round frontier safety fashions usually facilities on offensive or defensive use.

Mozilla’s case exhibits the reply relies on who will get entry first and who has the operational capability to behave on the output. In defender fingers, Mythos-level methods can speed up hardening.

In the attacker’s fingers, the identical class of functionality can speed up stock constructing. The asymmetry is sensible.

Attackers want fewer confirmed outcomes, can hold findings non-public, and can give attention to a slender goal. Defenders want to repair broadly, keep away from regressions, coordinate releases, and shield slow-updating customers.

That leaves firms with a direct mandate: construct AI-assisted safety pipelines earlier than adversaries use comparable methods towards them.

The subsequent part of vulnerability administration will favor groups that may scan constantly, reproduce findings routinely, route reviews intelligently, and ship patches rapidly. Mozilla mentioned it intends to maneuver towards steady integration scanning as patches land in the tree.

That is the proper route.

The window between discovery and exploitation is narrowing. (*30*) with mannequin entry, harness maturity, and launch self-discipline will cut back latent threat.

(*30*) ready for public advisories could find out about their very own bugs after another person has already turned them into infrastructure.

Mozilla’s April patch surge exhibits that the defender benefit continues to be doable when entry, tooling, and launch capability align.

The similar episode additionally exhibits how fragile that benefit may be. A 20-year-old bug was nonetheless current.

Sandbox escape candidates have been nonetheless current. Hundreds of safety fixes moved via the pipeline in one month after model-assisted discovery scaled.

The subsequent check is whether or not the remaining of the software program ecosystem builds comparable defensive capability earlier than Mythos-level vulnerability discovery turns into routine in offensive fingers.

The publish Firefox finds 20 year old bug and patches 14 months of fixes in 30 days using Anthropic’s Mythos AI appeared first on CryptoSlate.

Similar Posts