Mozilla Patches Second Firefox Zero-Day Bug Hackers Used To Attack Crypto Exchange Coinbase
Mozilla has been working in order to find a solution to a spear phishing campaign that targeted employees of the cryptocurrency exchange Coinbase. According to a recent report released by ZDNet, hackers have been attempting to phish Coinbase staff. With Firefox’s version 67.0.4, they were able to fix a separate “zero-day” vulnerability that was used as a “sandbox escape.”
Mozilla Fixes Firefox Zero-Day Bug
The phishing attack worked by sending emails that contained links to malicious websites. If these links were clicked through Firefox, they were able to download a file that run a malware on the system to steal sensitive data. Hackers could have used this data in order to steal Coinbase users’ funds.
According to Selena Decklemann, senior director for Firefox browser engineer, said that the vulnerability was used as part of targeted attacks for a spear phishing campaign. However, she informed that in less than 24 hours they’ve released a fix for this exploit.
The goal of the attackers was to have access to the back end network and steal users’ funds that were located in the cryptocurrency exchange. However, employees blocked all the attempts so far. With the new patch, things should be more secure for Coinbase employees.
Nonetheless, there is no information about how the hackers discovered the vulnerabilities. A Coinbase representative mentioned that the attacks happened for weeks before they were detected, which is more worrisome than previously thought.
The bug was discovered back on April 15 by a Google Project Zero researcher that reported it to Mozilla and patched it this week. The bug allowed attackers to escape from the Firefox protected process and execute code on the operating system the users had.
Coinbase is one of the largest cryptocurrency exchanges in the market and one of the most respected. Until now, the firm has never been affected by an attack, which gives to it a very good reputation in the crypto space.