
Firefox finds a 20-year-old bug and, with the help of Anthropic's Mythos AI, ships 14 months' worth of fixes in 30 days

Burns Brief

Mozilla's latest Firefox security update offers a rare glimpse into what happens when frontier AI capabilities reach defenders before attackers. Market participants are weighing the implications carefully, with the outcome likely to depend on broader macro conditions and volume. Watch for volume confirmation: a breakout above average volume would signal that the trend is likely to continue.

Mozilla’s latest Firefox security update provides a rare glimpse into what happens when frontier AI capabilities reach defenders before attackers. The company said it fixed 423 Firefox security bugs in April after gaining access to Claude Mythos Preview, compared with roughly 420 fixes over the previous 14 months. That compression is the signal. The defensive side did in one month what had previously taken more than a year, then disclosed a sample of the bugs to show the depth of latent risk still present inside a mature, heavily tested browser codebase.

The strongest anchor is age. One of the disclosed bugs, Bug 2025977, was a 20-year-old XSLT reentrancy issue in which key() calls could trigger a hash table rehash, free backing storage, and leave a raw entry pointer in use. Another, Bug 2024437, involved a 15-year-old flaw in the HTML element. These are exactly the kinds of long-buried defects that can survive ordinary testing, fuzzing, and manual review because they sit inside obscure edge cases, older subsystems, or complex interactions across distant parts of the browser.

Mozilla said Claude Mythos Preview helped identify and fix 271 bugs in the Firefox 150 release, with additional fixes shipped in 149.0.2, 150.0.1, and 150.0.2. Of those 271 Firefox 150 bugs, 180 were rated sec-high, 80 were sec-moderate, and 11 were sec-low.

[Figure: A graph showing the volume of Firefox security bug fixes shipped by month, trending in the 20-30 range throughout each month in 2025, with a spike to 60-70 in February and March 2026, up to 423 in April 2026]

Mozilla’s security severity framework assigns sec-high to vulnerabilities that can be triggered by normal user behavior, such as visiting a web page. That places the findings in a serious operational category, even where Mozilla had built no full proof of real-world weaponization.

The 20-year bug shows how long exploitable-looking flaws can survive

Firefox is an old, high-value, heavily scrutinized browser. Its code has b
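The bug class behind the XSLT reentrancy issue described above (a raw entry pointer held while a reentrant call rebuilds the table's storage) can be guarded against with a generation check. The following is an added illustration, not Firefox code and not from Mozilla's fix; the simplified linear table stands in for the hash table, and `Table`, `reentrant_eval` and `get_after_callback` are hypothetical names.

```c
/* Added illustration (not Firefox code): a table whose storage moves on
   growth, and a caller that revalidates its entry pointer after a
   reentrant callback instead of trusting the pointer it held before. */
#include <stdlib.h>
#include <string.h>

typedef struct { int key; int value; } Entry;
typedef struct { Entry *slots; size_t len, cap; unsigned generation; } Table;

static Entry *table_find(Table *t, int key) {
    for (size_t i = 0; i < t->len; i++)
        if (t->slots[i].key == key) return &t->slots[i];
    return NULL;
}

/* Insert; growing frees the old backing storage and bumps the generation. */
static Entry *table_put(Table *t, int key, int value) {
    if (t->len == t->cap) {
        size_t ncap = t->cap ? t->cap * 2 : 2;
        Entry *n = malloc(ncap * sizeof *n);
        if (!n) return NULL;
        if (t->len) memcpy(n, t->slots, t->len * sizeof *n);
        free(t->slots);          /* every outstanding Entry* is now dangling */
        t->slots = n; t->cap = ncap; t->generation++;
    }
    t->slots[t->len] = (Entry){ key, value };
    return &t->slots[t->len++];
}

/* Stand-in for the reentrant call: evaluating one key inserts others. */
static void reentrant_eval(Table *t) {
    for (int k = 100; k < 108; k++) table_put(t, k, k);
}

/* Hardened caller: a pointer held across the callback is only used if the
   table was not rebuilt in between; otherwise the entry is looked up again.
   Returns the value for key and sets *was_stale when a re-lookup was needed. */
int get_after_callback(Table *t, int key, int *was_stale) {
    Entry *e = table_find(t, key);
    unsigned gen = t->generation;
    reentrant_eval(t);                       /* may move the storage */
    *was_stale = (gen != t->generation);
    if (*was_stale) e = table_find(t, key);  /* refresh instead of reusing e */
    return e ? e->value : -1;
}

/* Constructed scenario: one entry, then a callback that forces growth. */
int demo(int *was_stale) {
    Table t = {0};
    table_put(&t, 1, 42);
    int v = get_after_callback(&t, 1, was_stale);
    free(t.slots);
    return v;
}
```

Without the generation comparison, the caller would read through a pointer into freed storage after the callback returns.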

Key Takeaways