Anthropic Discovers 22 Vulnerabilities in Firefox in Collaboration with Mozilla
In a recent security partnership with Mozilla, Anthropic uncovered 22 vulnerabilities in Firefox, 14 of which were classified as “high-severity.” The majority of these bugs have already been addressed in Firefox 148, which was released in February. Some fixes are still pending and will be implemented in the upcoming release.
Anthropic’s team utilized Claude Opus 4.6 during a two-week period, initially focusing on the JavaScript engine before expanding their analysis to other parts of the codebase. The decision to target Firefox was based on the project being recognized as a complex codebase and one of the most rigorously tested and secure open-source initiatives globally.
Interestingly, while Claude Opus proved to be highly effective in identifying vulnerabilities, the team faced challenges in developing software to exploit them. Despite investing $4,000 in API credits for creating proof-of-concept exploits, they only achieved success in two instances.
This experience underscores the potential of AI tools to enhance the security of open-source projects, despite drawbacks such as an influx of unproductive merge requests arriving alongside the beneficial contributions.

