
Mozilla has warned that hackers are exploiting a critical “zero-day” vulnerability in its Firefox browser, and cryptocurrency owners are most at risk, ZDNet reports.
Details of the bug are scarce, but Mozilla has described it as a “type confusion vulnerability” that could occur when interacting with JavaScript objects.
“This can allow for an exploitable crash,” reads Mozilla’s latest patch note. “We are aware of targeted attacks in the wild abusing this flaw.”
Samuel Groß, one of the security researchers who found and reported the bug, confirmed he did so way back on April 15, over two months ago.
“The first public fix then landed about a week ago,” Groß tweeted earlier today. He then said security fixes for Firefox are usually held back until the next full release is prepared to launch.
According to Groß, hackers are able to exploit the bug for “Remote Code Execution”, or RCE, but it would only be effective under certain conditions.
RCE usually affords attackers complete control over a targeted web server. In this case, considering the contents of Mozilla’s patch notes, it seems major cryptocurrency exchange Coinbase has been targeted directly.
“However, most likely it can be exploited for [Universal Cross-Site Scripting (UXSS) attacks] which might be enough depending on the attacker’s goals,” Groß continued.
UXSS attacks often lead to loss of sensitive information, such as usernames, passwords, and other critical credentials.
So far, no specific details of how the bug has been exploited have been released. Hard Fork has reached out to Coinbase for more information, and will update this piece should we receive a reply.
Mozilla has now released a patch, and urged users to update their browsers as soon as possible.