Recent Firefox’s Zero-Day Flaw Was Used in Attacks Against Coinbase’s Employees
|The recent Firefox’s zero-day security flaw was used in attacks against major crypto exchange and wallet service Coinbase, according to a tweet from Coinbase security researcher Philip Martin posted on June 20.
As Martin found, the reported critical zero-day vulnerability in Mozilla’s Firefox web browser, which was announced on June 18, has actually emerged along with another zero-day flaw that targeted Coinbase employees, meaning that there were two separate Firefox zero-day attacks.
The Coinbase security expert tweeted:
“On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.”
Martin continued that Coinbase was not the only crypto-related company targeted in the campaign, adding that the firm is working to report other businesses that they believe were also targeted. He emphasized that the company’s security team has seen “no evidence” that the exploit targeted Coinbase customers.
Coinbase Security first reported on the security flaw along with Samuel Groß, security researcher with Google Project Zero’s security team, who argued that he first reported the bug to Mozilla on April 15, 2019.
Following these reports, Mozilla released security updates for its browser, admitting that the company is “aware of targeted attacks in the wild abusing this flaw.”
Specifically, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to fix the reported zero-day flaw tracked as CVE-2019-11707, describing it as a “confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.”
Recently, crypto enthusiast John McAfee's crypto trading platform suffered a denial of service (DOS) attack by hackers immediately after its launch.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.