Sun, 10 Maregulation

Firefox finds a 20-year-old bug and patches 14 months' worth of fixes in 30 days using Anthropic's Mythos AI

Burns Brief

Mozilla's latest Firefox security update offers a rare glimpse into what happens when artificial intelligence capabilities reach defenders before attackers. Market participants are carefully weighing the implications, and the outcome will likely depend on broader macroeconomic conditions and volume. Watch for volume confirmation: a breakout above average volume would indicate that the trend is likely to continue.

Mozilla’s latest Firefox security update provides a rare glimpse into what happens when frontier AI capabilities reach defenders before attackers. The company said it fixed 423 Firefox security bugs in April after gaining access to Claude Mythos Preview, compared with roughly 420 fixes over the previous 14 months. That compression is the signal. The defensive side did in one month what had previously taken more than a year, then disclosed a sample of the bugs to show the depth of latent risk still present inside a mature, heavily tested browser codebase.

The strongest anchor is age. One of the disclosed bugs, Bug 2025977, was a 20-year-old XSLT reentrancy issue in which key() calls could trigger a hash table rehash, free backing storage, and leave a raw entry pointer in use. Another, Bug 2024437, involved a 15-year-old flaw in the HTML element. These are exactly the kinds of long-buried defects that can survive ordinary testing, fuzzing, and manual review because they sit inside obscure edge cases, older subsystems, or complex interactions across distant parts of the browser.

Mozilla said Claude Mythos Preview helped identify and fix 271 bugs in the Firefox 150 release, with additional fixes shipped in 149.0.2, 150.0.1, and 150.0.2. Of those 271 Firefox 150 bugs, 180 were rated sec-high, 80 were sec-moderate, and 11 were sec-low.

[Figure: A graph showing the volume of Firefox security bug fixes shipped by month, trending in the 20-30 range throughout each month in 2025, with a spike to 60-70 in February and March 2026, up to 423 in April 2026.]

Mozilla’s security severity framework assigns sec-high to vulnerabilities that can be triggered by normal user behavior, such as visiting a web page. That places the findings in a serious operational category, even where Mozilla had built no full proof of real-world weaponization.

The 20-year bug shows how long exploitable-looking flaws can survive

Firefox is an old, high-value, heavily scrutinized browser. Its code has b
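
The stale-pointer pattern described for Bug 2025977 above, as an added C++ illustration that is not Firefox's code or Mozilla's fix: a constructed hash table (every name is hypothetical) bumps a generation counter whenever it rehashes, so a caller that re-enters the table can tell its raw entry pointer is dead and look the key up again before writing.

```cpp
#include <stdlib.h>
// Constructed open-addressing table; every name here is hypothetical, not Firefox code.
struct Entry { int key; int value; bool used; };
struct Table { Entry* slots; size_t cap; size_t count; unsigned generation; };

static Entry* probe(Entry* slots, size_t cap, int key) {
    size_t i = static_cast<size_t>(key) % cap;
    while (slots[i].used && slots[i].key != key) i = (i + 1) % cap;
    return &slots[i];                    // matching entry, or the first free slot
}

static void rehash(Table& t) {
    size_t ncap = t.cap * 2;
    Entry* fresh = static_cast<Entry*>(calloc(ncap, sizeof(Entry)));
    if (!fresh) abort();
    for (size_t i = 0; i < t.cap; ++i)
        if (t.slots[i].used) *probe(fresh, ncap, t.slots[i].key) = t.slots[i];
    free(t.slots);                       // every Entry* handed out earlier now dangles
    t.slots = fresh; t.cap = ncap; ++t.generation;
}

Entry* get_or_add(Table& t, int key) {
    Entry* e = probe(t.slots, t.cap, key);
    if (e->used) return e;
    if ((t.count + 1) * 2 > t.cap) { rehash(t); e = probe(t.slots, t.cap, key); }
    e->key = key; e->value = 0; e->used = true; ++t.count;
    return e;
}

// Models a key()-style evaluation: reserve the entry, run a callback that may
// re-enter the table, then store the result. Returns true if a rehash happened.
bool eval_and_store(Table& t, int key, void (*reenter)(Table&), int result) {
    Entry* e = get_or_add(t, key);
    unsigned seen = t.generation;
    reenter(t);                          // may insert and trigger rehash()
    bool stale = (t.generation != seen);
    if (stale) e = get_or_add(t, key);   // hardened: discard the raw pointer, look up again
    e->value = result;                   // without the check this writes to freed storage
    return stale;
}

void nested_inserts(Table& t) { for (int k = 100; k < 110; ++k) get_or_add(t, k); }
void no_inserts(Table&) {}

Table make_table() {
    Entry* s = static_cast<Entry*>(calloc(4, sizeof(Entry)));
    if (!s) abort();
    return Table{s, 4, 0, 0};
}
```

Building the variant without the generation check under AddressSanitizer reports the write through `e` as a heap-use-after-free, which is the signal to look for when auditing similar callback-during-lookup code.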

Key Takeaways