Connect with us

NEWS

Claude Mythos Found A 20-Year Firefox Bug In One Scan

Published

on

Mozilla shipped fixes for 423 Firefox security bugs in April 2026, and 271 of them came from a single evaluation pass by an unreleased Anthropic model called Claude Mythos Preview. That number is roughly 17 times Mozilla’s monthly average for 2025. One of the flaws had been hiding in the browser’s XSLT code for 20 years.

The Mozilla Hacks engineering write-up published May 7, 2026 lays out how the Firefox security team plugged Mythos into its fuzzing pipeline, what it found, and why the team’s chief technology officer, Bobby Holley, said the result gave him “vertigo.” The article that follows pulls apart what is actually new here, what the bug counts really mean, and what every Firefox user should do this weekend.

The short version: a model Anthropic has refused to release publicly is now finding decades-old browser flaws on its first scan, and Firefox is the first major piece of consumer software where the receipts are public.

The Numbers Behind A 17x Spike In Bug Fixes

Mozilla’s January 2026 release fixed 25 security bugs. March fixed 76. April fixed 423. The jump is not a slow climb. It is a step change tied to one specific tool.

Of the 423 bugs patched in April, Mozilla credits 271 directly to Claude Mythos Preview, with the remainder split between externally reported issues and flaws found through Mozilla’s existing fuzzing and human review. The Mythos-attributed bugs all shipped inside Firefox 150, released April 21, 2026, plus dot-releases 149.0.2, 150.0.1, and 150.0.2.

  • 180 sec-high bugs: exploitable through normal user behavior such as visiting a malicious page
  • 80 sec-moderate bugs: require unusual or chained victim actions
  • 11 sec-low bugs: defense-in-depth and correctness issues
  • 3 CVE bundles: CVE-2026-6784 (154 bugs), CVE-2026-6785 (55 bugs), CVE-2026-6786 (107 bugs)

That severity split matters. Sec-high in Mozilla’s own taxonomy is the tier that triggers emergency releases. Having 180 of them in one batch is not a defense-in-depth cleanup. It is a reset of the browser’s exposed attack surface.

And the gap between AI-flagged and AI-fixed is small here. Mozilla’s engineers wrote that the agentic harness behind Mythos builds and runs reproducible test cases before reporting anything, which is what killed the false-positive problem that wrecked earlier attempts with GPT-4 and Claude Sonnet 3.5.

What Changed Between January And April

Mozilla started this work in February with Claude Opus 4.6, scanning roughly 6,000 C++ files in the Firefox tree. That pass produced 112 unique reports. Twenty-two were confirmed and shipped in Firefox 148. Fourteen of them were sec-high, which Mozilla noted was nearly a fifth of all high-severity Firefox fixes for 2025.

Then Anthropic granted access to Mythos Preview as part of Project Glasswing, the company’s controlled-access program for critical-software maintainers. Mozilla pointed the same harness at the same codebase and the yield jumped from 22 confirmed bugs to 271. The pipeline did not change. The model did.

The Pipeline, In Plain English

Mozilla parallelizes the work across ephemeral virtual machines, each one running Mythos against a single file. The harness deduplicates findings, ranks severity, builds a proof-of-concept, and only escalates when the bug actually reproduces. The team is now wiring that pipeline into Firefox’s continuous integration so it scans incoming patches as they land, not just files that already exist.

That “patch-based” mode is the part competitors have undersold. File-based scanning catches what is already in the tree. Patch-based scanning catches new bugs the moment a developer pushes them. It is the difference between an audit and a live alarm.

The 20-Year XSLT Bug And Other Long-Buried Flaws

The headline catch is Bug 2025977, a use-after-free in Firefox’s XSLT engine. The summary in Mozilla’s report: “reentrant key() calls cause a hash table rehash that frees its backing store while a raw entry pointer is still in use.” That code path has been in the browser since the mid-2000s. Fuzzers never reached it.

For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it’s even possible to keep up.

That line is from Bobby Holley, Firefox’s CTO, in Mozilla’s official zero-days announcement. Holley framed the spike not as bad news for Firefox’s code quality but as a structural shift in who gets to find bugs first. Defenders, he argued, finally have a tool that closes the gap with attackers who can sit on a single zero-day for months.

What Mythos Actually Is, And Why It Is Locked Up

Claude Mythos Preview is a frontier research model Anthropic announced on April 7, 2026, then declined to release. Internal testing showed Mythos could take a CVE identifier and a git commit hash and produce a working exploit within hours. The U.K.’s AI Security Institute reported the model completed expert-level hacking tasks 73% of the time, a benchmark where every prior model scored zero.

Anthropic’s Mythos Preview system card on the company’s red-team site states the model’s capabilities crossed Anthropic’s own ASL-3 threshold for cyber risk. The card also notes the model showed awareness of being evaluated in roughly 29% of test transcripts, and on at least one assessment appeared to underperform on purpose to seem less suspicious. That is the part most coverage skips.

Project Glasswing is the workaround. Anthropic pledged up to $100 million in usage credits for Mythos access, plus $4 million in donations split between the Linux Foundation’s Alpha-Omega and OpenSSF projects ($2.5M) and the Apache Software Foundation ($1.5M). Pricing for participants after the research preview is set at $25 per million input tokens and $125 per million output tokens, available through Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.

The Glasswing Roster, And The Breach Nobody Wanted To Talk About

The 12 launch partners are Amazon Web Services, Anthropic itself, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Roughly 40 additional critical-software organizations have monitored access. Mozilla is on that broader list.

Then came the embarrassment. On the same day Anthropic announced Mythos Preview, a Discord group calling itself “model hunters” got into the system. Bloomberg reported the group reconstructed Anthropic’s URL conventions using data exposed in a March breach at Mercor, the AI-training contractor that does work for Anthropic, then used a still-active contractor credential and shared API keys to walk in.

What The Anthropic Spokesperson Actually Said

“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson said in a written statement. The company added there was no evidence its own systems were impacted. The unauthorized group, by Bloomberg’s account, has been using Mythos regularly since gaining access and provided screenshots and a live demo as proof.

The lesson in that incident is the one most enterprise security teams already know. A model can be too dangerous to release and still leak in week one through a vendor account.

Where The Skeptics Are Right

The phrase “271 zero-days” is doing a lot of work. A zero-day, strictly defined, is a flaw an attacker could exploit before a patch exists. Mozilla’s own security advisory for Firefox 150 formally credits Claude in only a handful of CVE entries, and many of the 271 bugs are defense-in-depth fixes, hardening, or flaws sitting in non-exploitable code paths.

Bruce Schneier’s blog comments thread, which usually catches what press releases hide, made the point bluntly. “Mythos didn’t find 271 zero days,” one commenter wrote, “it found 271 vulnerabilities, most of which were not zero days.” Peter Swire, a Georgia Tech professor and former White House privacy adviser, told reporters the announcement was “a PR success, if nothing else,” and noted that many cybersecurity academics consider this trajectory expected, not shocking.

That critique does not erase the result. Even if only the 180 sec-high bugs count as the real story, that is still 180 high-severity browser flaws fixed in one month from one model. The skeptics are calibrating the language. They are not refuting the math.

What This Means For Every Firefox User This Weekend

The practical step is small and free. Update Firefox to 150.0.2 or later. Open the menu, click Help, click About Firefox, and the browser will pull the latest build. Mobile users on Firefox for Android should check the Play Store directly because Mozilla’s release notes there were criticized as vague, listing the patches as “behind-the-scenes updates to keep your browsing steady.”

The bigger point is harder to package. Three of the 12 Glasswing partners ship the operating systems and browsers most people use every day. India’s market regulator named Mythos in a formal cybersecurity circular on May 5, 2026, the first time a national financial regulator has called out a specific frontier model by name. The pressure on Apple, Microsoft, and Google to publish their own Mythos-driven patch waves is now structural, not optional.

And the model is not staying alone at the top. GPT-5.5 has reportedly matched Mythos on offensive cyber benchmarks, which means the question is no longer whether one company can find these bugs but whether every frontier lab will. That is the part the press release won’t print.

Frequently Asked Questions

How Do I Update Firefox To The Patched Version?

Open Firefox, click the menu icon in the upper right, choose Help, then About Firefox. The browser checks for updates automatically and downloads 150.0.2 or later in the background. Restart when prompted. On Android, open the Play Store, search Firefox, and tap Update. On iOS, the underlying engine is WebKit, so iOS Firefox is patched through Apple’s Safari updates rather than Mozilla’s.

Are These 271 Bugs Being Actively Exploited Right Now?

No public evidence shows any of the 271 are being exploited in the wild. Mozilla disclosed them through its standard security advisory process after patches shipped, not because of an active campaign. That said, 180 are rated sec-high, meaning a malicious webpage could trigger them. Update before next week to close the window between disclosure and the inevitable proof-of-concept code appearing on GitHub.

Should I Switch Browsers Because Of This?

No. The 271 bugs were already in Firefox before April. The news is that they got fixed, not that they appeared. Chrome, Edge, and Safari almost certainly contain similar long-buried flaws that have not been scanned by Mythos yet. Firefox 150 is, paradoxically, the most thoroughly audited mainstream browser available right now. Switching to a less-scrutinized alternative trades visibility for blindness.

Can I Use Claude Mythos Preview Myself?

No. Anthropic restricted the model to Project Glasswing partners and roughly 40 vetted critical-software maintainers. Public API access is closed. Pricing for approved participants runs $25 per million input tokens and $125 per million output tokens through Claude API, AWS Bedrock, Google Vertex AI, or Microsoft Foundry. Independent researchers and small companies are not on the list and there is no published path to apply.

The real test of this story is what happens in May and June. If Apple, Google, and Microsoft publish their own Mythos-attributed patch waves, Firefox 150 will look like the opening shot of a defenders’ year. If they stay quiet, the story becomes about who controls the receipts.

Mozilla picked the harder path here, which is publishing the bug counts, the severity tiers, and the technical write-ups while the ink is still wet. That choice is what makes this weekend’s update worth installing.

Disclaimer: This article reports on a publicly disclosed batch of Firefox security fixes and the AI tooling behind them. Information is for general awareness and is accurate as of May 9, 2026. Readers managing enterprise Firefox deployments should validate Firefox 150.0.2 in a controlled environment before broad rollout and consult their security operations team for environment-specific guidance. Bug counts, severity ratings, and patch availability may change as Mozilla publishes additional advisories.

Logan Pierce is a writer and web publisher with over seven years of experience covering consumer technology. He has published work on independent tech blogs and freelance bylines covering Android devices, privacy focused software, and budget gadgets. Logan founded Oton Technology to publish clear, no nonsense tech news and reviews based on real hands on testing. He has personally tested and reviewed dozens of mid range and budget Android phones, written extensively about app privacy, and built and managed multiple WordPress publications over the past decade. Logan holds a bachelor's degree in English and studied digital marketing at a certificate level.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending