Claude Opus 4.5 flags 22 Firefox bugs in just two weeks, raising security alarm

Claude Opus 4.5’s discovery spree began on May 14, when the Anthropic‑backed LLM was tasked with scanning Firefox’s open‑source codebase for anomalous patterns. Within 48 hours it flagged a cross‑origin resource sharing (CORS) misconfiguration that could allow malicious extensions to read privileged data, a flaw that Mozilla’s security team confirmed as “high severity” in an internal advisory (ForkLog). The model then proceeded to surface a series of memory‑corruption bugs in the browser’s rendering engine, each linked to unchecked pointer arithmetic in the Gecko layout module. According to the same ForkLog report, five of those bugs could be chained to achieve remote code execution, a scenario that would let an attacker execute arbitrary binaries on a victim’s machine without user interaction.

The subsequent 12‑day sprint produced an additional 17 issues, ranging from sandbox escape vectors to insecure default settings in the browser’s network stack. Notably, Opus 4.5 identified a race condition in the handling of HTTP 2 push promises that could be exploited to bypass Same‑Site cookie restrictions, a vulnerability that the Mozilla Security Response Team (MSRT) classified as “critical” after reproducing a proof‑of‑concept exploit (ForkLog). The LLM also uncovered a series of privilege‑escalation paths in Firefox’s WebExtensions API, where a malicious add‑on could elevate its permissions by exploiting a flaw in the manifest validation routine. Mozilla’s engineers patched 14 of the 22 findings within a week, but three high‑impact bugs remain under investigation, prompting the browser’s maintainers to issue an emergency advisory and temporarily disable the affected modules for downstream distributions (ForkLog).

Anthropic’s rapid turnaround on these disclosures underscores the growing role of generative AI in vulnerability research. The company announced the Claude Marketplace earlier this month, a platform that lets enterprises integrate Claude‑powered tools—such as the security‑focused Opus 4.5 variant—directly into their development pipelines (VentureBeat). By exposing the model to live code repositories and granting it read‑only access to build artifacts, the marketplace aims to automate the early‑stage detection of bugs that traditionally require manual code review. Anthropic’s rollout to finance and data‑analytics customers, highlighted in a separate VentureBeat piece, suggests the firm is positioning Claude as a cross‑domain assistant, from spreadsheet automation to security auditing (VentureBeat).

Mozilla’s response has been swift but measured. In a public statement, the organization thanked “the broader security community” for the “valuable contributions” of the Opus 4.5 findings and pledged to accelerate its bug‑bounty program to attract more AI‑driven research (ForkLog). The MSRT also warned that the sheer volume of bugs uncovered in a short window indicates “a systemic exposure surface” that could affect downstream forks of Firefox, including the Android and iOS variants that share much of the same codebase. As a precaution, Mozilla has temporarily raised its minimum bug bounty reward for browser‑related submissions from $5,000 to $10,000, hoping to incentivize deeper analysis of the remaining unfixed issues (ForkLog).

Industry analysts see the episode as a bellwether for AI‑augmented security testing. While the report does not cite external commentary, the pattern mirrors earlier successes where language models identified zero‑day vulnerabilities in large codebases, prompting vendors to integrate AI tools into their secure‑development lifecycles. The 22‑bug haul, achieved without any human‑initiated fuzzing or static analysis, demonstrates that LLMs can parse complex C++ and Rust code, infer control‑flow graphs, and surface logical flaws that escape conventional scanners. If Anthropic’s marketplace can scale this capability across enterprise environments, the balance of power in vulnerability discovery may shift from isolated security researchers to AI‑enabled teams that can operate continuously on open‑source projects (VentureBeat).

For end users, the immediate impact is limited to the rollout schedule of Mozilla’s patches. The browser’s auto‑update mechanism will begin delivering the fixes to stable channels within the next 48 hours, and users are advised to restart their browsers promptly to apply the security updates. Meanwhile, the episode reinforces the need for defense‑in‑depth strategies—such as employing content‑security policies, sandboxing extensions, and monitoring network traffic—for organizations that rely on Firefox as a primary interface. As Claude Opus 4.5 continues to scan other high‑profile projects, the security community will be watching closely to gauge whether AI can keep pace with the ever‑expanding attack surface of modern software.