During the Pwn2Own hacking festival, Mozilla Firefox and Thunderbird security were hacked several times. Mainly, these were zero-day vulnerabilities, i.e. ones that no one had ever known about before.

One of the more interesting attacks as Mozilla says "An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process,"

The winners received $100,000 for discovering bugs in Mozilla's software

Source: bleepingcomputer.com