Frederik Braun �

RE: https://infosec.exchange/@attackanddefense/116115800055258835

Watch this documentary and hear me say that I am not nervous at all and just a tiny bit excited while speaking really fast and gesturing like a mad man. This was awesome!

Feb 22 at 6:56pmWeb
Show threadFrederik Braun �Feb 23
Btw the exploits and the patches are also public. Look at the bugs for more info. https://bugzilla.mozilla.org/show_bug.cgi?id=1966612 (Day 1) and https://bugzilla.mozilla.org/show_bug.cgi?id=1966614 (Day 2)
1966612 - (CVE-2025-4918) pwn2own-2025-1: First entry from May 16th (out of bounds write in promiseAllSettled)

VERIFIED (jdemooij) in Core - JavaScript Engine. Last updated 2025-09-04.

Show threadlitFeb 23
@freddy really looking forward to the 2nd part to get a glimpse of how you do product security response at MOZ
Show threadFrederik Braun �Feb 23
@ll1t tomorrow 🤫