Recent Firefox’s Zero-Day Flaw Was Used in Attacks Against Coinbase’s Employees (#GotBitcoin?)

The recent Firefox’s zero-day security flaw was used in attacks against major crypto exchange and wallet service Coinbase, according to a tweet from Coinbase security researcher Philip Martin posted on June 20. Recent Firefox’s Zero-Day Flaw Was Used in Attacks Against Coinbase’s Employees (#GotBitcoin?)

As Martin found, the reported critical zero-day vulnerability in Mozilla’s Firefox web browser, which was announced on June 18, has actually emerged along with another zero-day flaw that targeted Coinbase employees, meaning that there were two separate Firefox zero-day attacks.

The Coinbase Security Expert Tweeted:

“On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.”

Martin continued that Coinbase was not the only crypto-related company targeted in the campaign, adding that the firm is working to report other businesses that they believe were also targeted. He emphasized that the company’s security team has seen “no evidence” that the exploit targeted Coinbase customers.

Coinbase Security first reported on the security flaw along with Samuel Groß, security researcher with Google Project Zero’s security team, who argued that he first reported the bug to Mozilla on April 15, 2019.

Following these reports, Mozilla released security updates for its browser, admitting that the company is “aware of targeted attacks in the wild abusing this flaw.”

Specifically, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to fix the reported zero-day flaw tracked as CVE-2019-11707, describing it as a “confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.”

Recently, crypto enthusiast John McAfee’s crypto trading platform suffered a denial of service (DOS) attack by hackers immediately after its launch.

Updated: 6-27-2019

Mozilla Closes Holes That Led to Coinbase Hacks

A pair of simple Mozilla vulnerabilities made it easier for hackers to phish Coinbase employees. The exploit, detailed by ZDNet, was a remote code execution attack that could force machines running Firefox to install spyware to capture passwords and other data.

The two vulnerabilities – CVE-2019-11708 and CVE-2019-11707 – first appeared in April 15 and hackers used them to spear-phish Coinbase employees. When they visited sites linked in the email the browser would download a piece of spyware to steal logins and other data.

Some detail from the exploit suggests that the bug could escalate privileges outside of the “sandbox” where most Mozilla code runs:

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user’s computer.

The two vulnerabilities combined to create a perfect storm, allowing hackers to run malware installers instantly. Researchers discovered the exploits on April 15 and they suspect that hackers saw them in Mozilla’s Bugzilla bug tracking database and exploited them before they could be patched. The hack did not effect Coinbase users.

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

iPhone Privacy Is Broke And Apps Are To Blame (#GotBitcoin?)

Millions Of Business Listings On Google Maps Are Fake—And Google Profits (#GotBitcoin?)

Apple Says It Removed Parental Control Apps For Security Reasons, Not Competition (#GotBitcoin?)

Families Use Apps To Track Relatives With Dementia (#GotBitcoin?)

China’s Spying Poses Rising Threat To U.S. (#GotBitcoin?)

Computer Attack Knocks Weather Channel Off The Air (#GotBitcoin?)

New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)

Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)

Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)