Mozilla fixes second Firefox zero-day exploited in the wild

Two days after patching the first zero-day, Mozilla fixes a second one, used in the same attacks as the first.

Mozilla has released a second security update this week to patch a second zero-day that was being exploited in the wild to attack Coinbase employees and other cryptocurrency organizations.

Firefox 67.0.4 and Firefox ESR 60.7.2 are now available for Firefox users through the browser’s built-in update mechanism.

This second bug was used together with another one that Mozilla patched two days ago, through the release of Firefox 67.0.3 and Firefox ESR 60.7.1.

The first one was described as a “remote code execution” vulnerability that allowed remote attackers to run malicious code inside Firefox’s native process. The bug (CVE-2019-11707) was discovered on April 15 by a Google Project Zero researcher and reported to Mozilla, who only patched it this week after the Coinbase security team reported attacks exploiting the vulnerability, together with a second zero-day (CVE-2019-11708).

This second zero-day, which Mozilla described as a “sandbox escape”, allowed malicious threat actors to escape from the Firefox protected process and execute code on the underlying operating system.

When combined, the two bugs provide a quick avenue for running malicious code from within a website on a visiting user’s computer.

As ZDNet broke the news earlier today, these two zero-days were being used by an unknown hacking group in attempts to infect the Coinbase staff.

Coinbase employees would receive spear-phishing emails that would contain links to malicious sites.
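For defenders checking a fleet against the two releases named above, the following added example (not from the article or from Mozilla) reports which of the two fixes a given Firefox version string still lacks. It assumes ESR builds carry an `esr` suffix in the reported version and that anything without the suffix is on the release channel; the inventory and function names are constructed for illustration.

```python
import re

# Fixed-in versions exactly as stated in the article, per channel.
FIXES = {
    "release": [("CVE-2019-11707", (67, 0, 3)), ("CVE-2019-11708", (67, 0, 4))],
    "esr": [("CVE-2019-11707", (60, 7, 1)), ("CVE-2019-11708", (60, 7, 2))],
}

# Up to three dotted numeric components, optionally followed by "esr".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){0,2})(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return (channel, (major, minor, patch)) from a version string."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # "68.0" compares as 68.0.0
    channel = "esr" if match.group(2) else "release"  # assumption: suffix marks ESR
    return channel, parts


def missing_fixes(text):
    """List the CVEs whose fix is not yet included in this build."""
    channel, version = parse_version(text)
    return [cve for cve, fixed_in in FIXES[channel] if version < fixed_in]


def audit(inventory):
    """Map each host to its missing fixes, keeping only hosts that need updating."""
    findings = {}
    for host, version_text in inventory.items():
        missing = missing_fixes(version_text)
        if missing:
            findings[host] = missing
    return findings


if __name__ == "__main__":
    # Constructed sample inventory: host name -> reported version string.
    sample = {
        "ws-01": "Mozilla Firefox 67.0.2",
        "ws-02": "Mozilla Firefox 67.0.3",
        "ws-03": "Mozilla Firefox 67.0.4",
        "ws-04": "Mozilla Firefox 60.7.1esr",
    }
    for host, cves in audit(sample).items():
        print(f"{host}: update required, missing fix for {', '.join(cves)}")
```

A host on 67.0.3 or ESR 60.7.1 is reported as lacking only the sandbox-escape fix, which is the state a machine was left in if it took the first update but not the second.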