See More

New Firefox Exploits Can be Combined Into a Devastating Crypto Attack

2 mins
Updated by
Join our Trading Community on Telegram
Mozilla has announced yet another security vulnerability targeting Firefox users, this time a Remote Code Execution (RCE) bug that can allow attackers to run code on affected machines. This is the second Firefox exploit patched this week.
Elaborated in the most recent Mozilla Security Advisory, the new exploit named ‘CVE-2019-11708’ effects all earlier versions of Mozilla’s Firefox and Firefox ESR web browsers. The flaw has now been patched in the new Firefox 67.0.4 and Firefox ESR 60.7.2. A full description of the bug, as described by Mozilla is outlined below;
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user’s computer.
Mozilla rated the latest Firefox exploit as high impact, a designation reserved for vulnerabilities that can gather sensitive user data or inject code into sites visited by the user during normal browsing sessions. The new exploit is unusual in that it was detected after being spotted being used in the wild. As is common with many zero-day exploits, the technique was first used to target cryptocurrency owners and users.

firefox hack

Coinbase Targeted

According to ZDNet, both an earlier Firefox exploit and the new one were combined into a two-step attack to target several cryptocurrency organizations, including Coinbase. The exploit was unraveled after Philip Martin, Chief Information Security Officer at Coinbase reported the attack to Mozilla. Together, the two exploits would have allowed the attacker to extract sensitive data from affected machines, and potentially escape the Firefox sandbox to run code without permission. Had this been successful, Coinbase and other affected sites could have suffered catastrophic losses. It remains unclear how the attacker had discovered the Remote Code Execution (RCE) bug, but it may have been independently discovered, or leaked by a Mozilla insider. To protect yourself from the vulnerability, you will need to update Firefox by navigating to ‘About Firefox’ in the menu panel to access the automatic update feature. What is your opinion on Firefox as a browser? Do the recent exploits highlight a need to switch to alternatives, like Brave? Let us know your thoughts in the comments!
Top crypto platforms in the US | March 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Daniel_userpic_basic.jpg
Daniel Phillips
After obtaining a Masters degree in Regenerative Medicine, Daniel pivoted to the frontier field of blockchain technology, where he began to absorb anything and everything he could on the subject. Daniel has been bullish on Bitcoin since before it was cool, and continues to be so despite any evidence to the contrary. Nowadays, Daniel works in the blockchain space full time, as both a copywriter and blockchain marketer.
READ FULL BIO
Sponsored
Sponsored