Claude AI Uncovers Major Firefox Security Flaws in Partnership With Mozilla

Accelerating Software Defense

Anthropic recently announced a successful collaboration with Mozilla where the Claude Opus 4.6 model identified 22 security vulnerabilities in the Firefox browser. Of these findings, 14 were designated as high-severity flaws, representing nearly one-fifth of the critical remediations Firefox typically handles in an entire year. These fixes were officially integrated into Firefox version 148.0, protecting hundreds of millions of global users from potential attacks. The partnership marks a shift from theoretical AI benchmarks to practical, real-world security applications. Researchers focused on the complex JavaScript engine and C++ files within the Firefox codebase, which are notoriously difficult to secure. Claude managed to find a critical Use After Free vulnerability within just 20 minutes of starting its analysis, a result that traditionally requires extensive manual labor.

The Role of Task Verifiers

This breakthrough was achieved using task verifiers, which are automated tools that allow the AI to self-check and reproduce crashes in real-time. By providing this immediate feedback loop, the model can iterate through thousands of files to isolate genuine security threats. Anthropic submitted 112 unique reports to Mozilla’s Bugzilla tracker to assist with the triage process and provided candidate patches for the identified bugs. While the AI proved highly efficient at discovery, the study revealed a significant gap in its ability to actually weaponize these bugs. Claude succeeded in creating crude exploits in only two out of several hundred attempts, and even those failed against standard browser sandboxing. This suggests that current AI capabilities favor defenders who use the technology to patch systems before malicious actors can develop functional attacks.

Expanding the Security Frontier

Anthropic is now expanding these efforts to other critical infrastructure projects, including the Linux kernel. The company has also released Claude Code Security in a limited preview to help open-source maintainers automate their own vulnerability research. Both organizations emphasize that while the current defender's advantage is strong, the window to harden software is closing as AI capabilities continue to evolve. Looking forward, the collaboration provides a model for how AI researchers and software maintainers can work together to meet rising security demands. As models improve, the process of coordinated vulnerability disclosure will become increasingly automated. Developers are urged to adopt these AI-driven tools now to secure their platforms against the next generation of digital threats.