Sun, 10 Maregulation

Firefox détecte un bug vieux de 20 ans et corrige 14 mois de correctifs en 30 jours à l'aide de Mythos AI d'Anthropic

Neutral

Burns Brief

La dernière mise à jour de sécurité de Firefox de Mozilla offre un rare aperçu de ce qui se passe lorsque les capacités de l'IA de pointe atteignent les défenseurs avant les attaquants. Les acteurs du marché évaluent soigneusement les implications, le résultat dépendant probablement des conditions macroéconomiques et du volume plus larges. Surveillez la confirmation du volume : une cassure au-dessus du volume moyen indiquerait que la tendance est susceptible de se poursuivre.

Mozilla’s latest Firefox security update provides a rare glimpse into what happens when frontier AI capabilities reach defenders before attackers. The company said it fixed 423 Firefox security bugs in April after gaining access to Claude Mythos Preview, compared with roughly 420 fixes over the previous 14 months. That compression is the signal. The defensive side did in one month what had previously taken more than a year, then disclosed a sample of the bugs to show the depth of latent risk still present inside a mature, heavily tested browser codebase. The strongest anchor is age. One of the disclosed bugs, Bug 2025977 , was a 20-year-old XSLT reentrancy issue in which key() calls could trigger a hash table rehash, free backing storage, and leave a raw entry pointer in use. Another, Bug 2024437 , involved a 15-year-old flaw in the HTML element. These are exactly the kinds of long-buried defects that can survive ordinary testing, fuzzing, and manual review because they sit inside obscure edge cases, older subsystems, or complex interactions across distant parts of the browser. Mozilla said Claude Mythos Preview helped identify and fix 271 bugs in the Firefox 150 release , with additional fixes shipped in 149.0.2 , 150.0.1 , and 150.0.2 . Of those 271 Firefox 150 bugs, 180 were rated sec-high, 80 were sec-moderate, and 11 were sec-low. A graph showing the volume of Firefox security bug fixes shipped by month, trending in the 20-30 range throughout each month in 2025, with a spike to 60-70 in February and March 2026, up to 423 in April 2026 Mozilla’s security severity framework assigns sec-high to vulnerabilities that can be triggered by normal user behavior, such as visiting a web page. That places the findings in a serious operational category, even where Mozilla had built no full proof of real-world weaponization. The 20-year bug shows how long exploitable-looking flaws can survive Firefox is an old, high-value, heavily scrutinized browser. Its code has b

Key Takeaways