Discovered by: Dino Dai Zovi
Dino Dai Zovi set a new land speed record by discovering and exploiting this vulnerability in less than 9 hours for CanSecWest’s PWN2OWN challenge. The bug was exploitable on Windows and OS X via Internet Explorer, Firefox and Safari. For more details check out the following interview.