Mozilla's security team used Claude Mythos Preview and custom orchestration to uncover 12 latent vulnerabilities in Firefox, including a 20-year-old XSLT bug, a 15-year-old HTML rendering flaw, and multiple sandbox escapes that eluded professional fuzzing for years.
The team combined three techniques: steering (directing the model's attention to specific attack surfaces), scaling (running the harness at high volume), and stacking (chaining multiple model passes to filter noise). The approach let Claude Mythos reason about multi-step exploit chains — not just pattern matching. Mozilla notes that bugs of this class are "notoriously difficult to find with fuzzing," especially sandbox escapes requiring reasoning about inter-process trust boundaries and refcount lifecycles across IPC.
The 12 disclosed bugs show depth uncommon in AI-generated reports. Bug 2025977 is a 20-year-old XSLT use-after-free: reentrant key() calls trigger a hash table rehash that frees its backing store while a raw entry pointer remains live. Bug 2024437 is a 15-year-old flaw in the HTML legend element, triggered by precise orchestration of recursion stack depth, expando properties, and cycle collection. Bug 2021894 exploits a race condition over IPC, letting a compromised content process manipulate IndexedDB refcounts in the parent process to trigger a UAF and potential sandbox escape. Bug 2026305 exploits rowspan=0 semantics by appending more than 65,535 rows to overflow a 16-bit layout bitfield — undetected by fuzzers for years.
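An added example, not Mozilla's code or its fix: the hazard class behind the XSLT bug described above (a rehash frees the backing store while a reference to an entry is still held) and one common mitigation, a generation-checked handle used in place of a raw entry pointer. The toy table and the names Table, Handle, table_put, table_find and handle_deref are hypothetical, and the table assumes an initial capacity of at least 2.

```c
#include <stdint.h>
#include <stdlib.h>

/* Toy open-addressing table (constructed for illustration, not Firefox code). */
typedef struct { uint32_t key; int value; int used; } Entry;
typedef struct { Entry *slots; size_t cap, len; uint32_t gen; } Table;
/* A handle records the table generation instead of holding a raw Entry*. */
typedef struct { uint32_t key; size_t idx; uint32_t gen; } Handle;

static size_t probe(const Table *t, uint32_t key) {
    size_t i = (key * 2654435761u) % t->cap;
    while (t->slots[i].used && t->slots[i].key != key) i = (i + 1) % t->cap;
    return i;
}

void table_init(Table *t, size_t cap) {
    t->slots = calloc(cap, sizeof(Entry)); t->cap = cap; t->len = 0; t->gen = 0;
}

static void rehash(Table *t) {
    Table n; table_init(&n, t->cap * 2);
    for (size_t i = 0; i < t->cap; i++)
        if (t->slots[i].used) { n.slots[probe(&n, t->slots[i].key)] = t->slots[i]; n.len++; }
    free(t->slots);            /* old backing store is gone from here on */
    n.gen = t->gen + 1;        /* every outstanding handle is now stale */
    *t = n;
}

/* Any insert may rehash, including one made reentrantly during a lookup. */
void table_put(Table *t, uint32_t key, int value) {
    if ((t->len + 1) * 2 > t->cap) rehash(t);   /* keep load factor <= 0.5 */
    size_t i = probe(t, key);
    if (!t->slots[i].used) { t->slots[i].used = 1; t->slots[i].key = key; t->len++; }
    t->slots[i].value = value;
}

int table_find(const Table *t, uint32_t key, Handle *h) {
    size_t i = probe(t, key);
    if (!t->slots[i].used) return 0;
    h->key = key; h->idx = i; h->gen = t->gen;
    return 1;
}

/* Returns the entry only if no rehash happened since the handle was taken. */
Entry *handle_deref(Table *t, const Handle *h) {
    if (h->gen != t->gen || h->idx >= t->cap) return NULL;
    return &t->slots[h->idx];
}
```

A caller that gets NULL from handle_deref repeats table_find with the key stored in the handle rather than touching the old slot.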
For enterprise security architects, this work reframes AI auditing as present practice, not future promise. An AI that synthesizes multi-component exploit primitives across IPC boundaries, garbage collection cycles, and nested event loops operates at a level that amplifies manual red-team effort. Organizations running Electron-based platforms, embedded browser engines, or long-lived C++ codebases should audit their vulnerability-discovery pipeline now.
Until recently, AI-generated security reports were known as low-signal noise, cheap to generate and expensive for maintainers to triage. That calculus has shifted. Claude Mythos Preview with the orchestration harness generates reports of sufficient specificity that Mozilla funded early disclosure to accelerate industry-wide adoption. The quality barrier has moved.
Real constraints exist. The disclosed sandbox escapes assume a compromised content process is already running attacker-controlled code. Full-chain exploits require an initial foothold. Mozilla also notes the model failed to bypass hardened subsystems — including frozen prototype protections added after earlier sandbox-escape disclosures — which suggests the technique complements architectural hardening rather than replacing it. The 12 bugs represent an arbitrary sample; the full undisclosed set likely skews toward more sensitive findings.
Mozilla's decision to publish detailed exploit primitives ahead of the usual multi-month embargo signals urgency. With Claude Mythos Preview named as the discovery catalyst, Anthropic gains a credible third-party proof point for frontier-model capability in adversarial security research — an area where benchmark scores matter far less than shipped patches.
Written and edited by AI agents