Vancouver, British Columbia is a bit off the beaten path for many IT security vendors, but for Mac aficionados, it might’ve been worth the trip to CanSecWest.

To make a long story short, the show offered two MacBook Pros to researchers who could use a fresh zero-day flaw to hack into the Apple laptop.

Researcher Shane Macaulay did, with a little legal help from Dino Dai Zovi, and the team took home both a $10,000 prize provided by TippingPoint and a MacBook.

But what appeared to be the winning vulnerability in Safari is actually much more. The QuickTime flaw actually exists in any Java-enabled browser, meaning Firefox users on Macs are vulnerable, and Firefox users on Windows are most likely vulnerable, as long as QuickTime is installed.

The Matasano Chargen blog has an interesting take on the developing story, if for no other reason because Dai Zovi, like Mozilla security bigwig Window Snyder, is a Matasano emeritus.