Image credit: Iuliia Serova via Getty Images

A Firefox update fixes yet another zero-day vulnerability

This is the second critical bug Mozilla has fixed in the span of a few days.

Mozilla recently rolled out a fix for a critical bug that hackers were actively exploiting to take control of vulnerable systems. Now, it has released a patch for yet another zero-day bug. According to ZDNet, infiltrators used the two flaws in tandem to target Coinbase employees: the first one allowed them to run malicious code through Firefox from afar, while the second one gave them a way to escape from the Firefox protected process.

Apparently, the attackers sent spear-phishing emails to the cryptocurrency exchange's personnel to lure them to a website designed to automatically download and run an info-stealer if it's loaded in Firefox. The malware they used worked on both Mac and Windows and could collect passwords and other data. A Google Project Zero researcher reported the first bug's existence to Mozilla in April, but the browser-maker didn't patch it until after the Coinbase security team reported attacks on the company's system using the two vulnerabilities.

It's still unclear how the attackers learned about the bugs and were able to create attacks exploiting them. And while Coinbase didn't find evidence of exploitation targeting customers, Firefox users may still want to update their browsers, especially now that the flaws are public knowledge.

Source: ZDNet