- a “remote code execution” vulnerability that allowed remote attackers to run malicious code inside the Firefox browser's local process,
- a second vulnerability, known as a “sandbox escape”, that enabled attackers to execute arbitrary code on the operating system by escaping Firefox's security sandbox.
Unidentified attackers used the two Firefox vulnerabilities in an attack on Coinbase employees. Coinbase Chief Information Security Officer (CISO) Philip Martin confirmed the incident. Separately, one of the patched zero-day vulnerabilities has been found to give backdoor access to Mac machines used for a cryptocurrency exchange.
The remote code execution bug, tracked as CVE-2019-11707, was first reported by a Google Project Zero researcher. It was patched shortly before the sandbox escape, tracked as CVE-2019-11708, was fixed. Together, the two flaws enabled the attackers to target Coinbase staff.
“On Monday, Coinbase distinguished and blocked an attempt by an attacker to use the revealed zero-day alongside a separate zero-day Firefox sandbox escape, to target Coinbase employees,” said Coinbase CISO Martin on Twitter. “We strolled back the whole assault, recovered, and reported the zero-day to Firefox, pulled apart the malware and infra[structure] used in the assault and are working with different organizations to keep burning down [the] attacker framework and delving into the attacker involved.”
Martin added that the attack didn't target customers; however, it was also aimed at other cryptocurrency organizations, which were informed.
“We’re likewise releasing a set of IOCs (indicators of compromise) that organizations can use to assess their potential exposure,” he continued.
The indicators of compromise shared by Martin suggest that the attackers would send a spear-phishing email to lure recipients to a webpage that can collect personal data stored in Firefox. The attack was notably aimed at both Mac and Windows users.
Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to fix the initial zero-day bug. Afterward, it released Firefox 67.0.4 and Firefox ESR 60.7.2 to patch the second zero-day vulnerability, the sandbox escape that contributed to the Coinbase exploit.
In other news, the remote code execution bug in Firefox tracked as CVE-2019-11707 was found to have enabled attackers to install Mac malware. The malware can be installed in particular on machines where a cryptocurrency exchange took place “until fairly as of late,” macOS security researcher Patrick Wardle noted in his blog.
As explained by Ars Technica, the attack bypasses Apple's default security protections, including XProtect and Gatekeeper, to install malicious content on Mac machines through Firefox.
“I do not have direct proof [Windows users] were focused as a result of this exploit,” independent reverse engineer Vitali Kremez told Ars Technica.
That said, both Windows and Mac users are strongly advised to install the updated Firefox browser on their computers to avoid such incidents.
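To check a fleet against the fixed versions listed above, the following added example (not from the original article or from Mozilla) reports which of the two fixes each host is missing. It assumes the inventory records versions the way `firefox --version` prints them, with an `esr` suffix on ESR builds; the host names and sample inventory are constructed.

```python
import re

# Fixed versions per channel, as stated in the article above.
FIXED = {
    "release": {"CVE-2019-11707": (67, 0, 3), "CVE-2019-11708": (67, 0, 4)},
    "esr":     {"CVE-2019-11707": (60, 7, 1), "CVE-2019-11708": (60, 7, 2)},
}

def parse_version(text):
    """Parse '67.0.3', '67.0' or '60.7.2esr' into (channel, (major, minor, patch))."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(esr)?\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    channel = "esr" if m.group(4) else "release"
    return channel, (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def missing_fixes(text):
    """Return the CVE fixes this build predates (empty list if it has both)."""
    channel, version = parse_version(text)
    return sorted(cve for cve, fixed in FIXED[channel].items() if version < fixed)

def audit(inventory):
    """Map host -> missing fixes; hosts with both fixes are omitted."""
    report = {}
    for host, raw in inventory.items():
        try:
            missing = missing_fixes(raw)
        except ValueError:
            # Betas, nightlies or garbled inventory rows need a manual look.
            missing = ["unparsed version"]
        if missing:
            report[host] = missing
    return report

# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "mac-01": "67.0.4",     # has both fixes
    "mac-02": "67.0.3",     # RCE fixed, sandbox escape fix missing
    "win-01": "60.7.0esr",  # predates both ESR fixes
    "win-02": "60.7.2esr",  # has both fixes
    "win-03": "68.0b3",     # beta string, not parsed
}

if __name__ == "__main__":
    for host, missing in audit(SAMPLE).items():
        print(f"{host}: {', '.join(missing)}")
```

An ESR build recorded without the `esr` suffix would be compared against the release-channel versions and flagged, so normalise the inventory first.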