Latest in Gear

Image credit: Iuliia Serova via Getty Images

A Firefox update fixes yet another zero-day vulnerability

This is the second critical bug Mozilla has fixed in the span of a few days.
392 Shares
Share
Tweet
Share
Save

Sponsored Links

Iuliia Serova via Getty Images

Mozilla recently rolled out a fix for a critical bug that hackers were actively exploiting to take control of vulnerable systems. Now, it has released a patch for yet another zero-day bug. According to ZDNet, infiltrators used the two flaws in tandem to target Coinbase employees: the first one allowed them to run malicious codes through Firefox from afar, while the second one gave them a way to escape from the Firefox protected process.

Apparently, the attackers sent spear-phishing emails to the cryptocurrency exchange's personnel to lure them to a website designed to automatically download and run an info-stealer if it's loaded on Firefox. The malware they used worked on both Mac and Windows and could collect passwords and other data. A Google Project Zero researcher reported the first bug's existence to Mozilla in April, but the browser-maker didn't patch it up until after the Coinbase security team reported attacks on the company's system using the two vulnerabilities.

It's still unclear how the attackers knew about the bugs to create attacks meant to exploit them. And while Coinbase didn't find evidence of exploitation targeting customers, Firefox users may still want to update their browsers, especially now that the flaws are public knowledge.

Source: ZDNet
In this article: bug, firefox, gear, mozilla, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
392 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Google Assistant gets new voice options in nine more languages

Google Assistant gets new voice options in nine more languages

View
HP's new ultrawide monitor can show two device's screens at once

HP's new ultrawide monitor can show two device's screens at once

View
HP Elite Dragonfly hands-on: A really light business notebook

HP Elite Dragonfly hands-on: A really light business notebook

View
Chinese retailers abruptly stop selling Juul e-cigarettes

Chinese retailers abruptly stop selling Juul e-cigarettes

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr