
Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox - RedmondSecGnome
https://www.zerodayinitiative.com/blog/2019/4/18/the-story-of-two-winning-pwn2own-jit-vulnerabilities-in-mozilla-firefox
======
anonymousDan
How do these competitions work? Presumably the contestants had the exploits
ready to go beforehand? Or are they only told the application they need to
hack on the day - that is truly impressive if so! Are there any restrictions
on the tools the contestants can use (e.g. static/dynamic analysis tools)?

~~~
lol768
>Or are they only told the application they need to hack on the day - that is
truly impressive if so!

No, the applications that are available to attack are known in advance - the
exploits tend to involve months of work by talented researchers.

Source: I was around at MWR (purely as an uninvolved but interested spectator)
when mobile & regular pwn2own 2017/2018 were taking place.

------
phoe-krk
Why the hell people put screenshots of code in articles like that if they are
able to put beautifully syntax-colored and copypasteable code snippets
instead?

~~~
pjmlp
They need support from their CMS?

