- The exploit forced machines running Firefox to install spyware.
- As per the reports, the bug didn’t affect Coinbase users.
Mozilla has released a Firefox 67.0.4 and Firefox ESR 60.7.2 to patch the vulnerabilities in its browser which allowed hackers to phish Coinbase employees. The exploit forced machines running Firefox to install spyware via remote code execution attack. The spyware was used to capture passwords and other personal data.
The two vulnerabilities named CVE-2019-11708 and CVE-2019-11707, the latter of which was discovered on April 15 by a Google Project Zero researcher who promptly reported it to Mozilla. Mozilla finally fixed the issues after Coinbase’s security team complained about attacks via the vulnerabilities.
The bugs allowed malicious actors to evade the Firefox protected process and execute code on the underlying operating system. In combination, the two bugs caused havoc and allowed hackers to run malware installers instantly. As per reports, the bug didn’t affect Coinbase users.
Share
