This article was published on June 19, 2019

Hackers exploit Mozilla Firefox bug reportedly affecting Coinbase users

Firefox users need to update ASAP


Hackers exploit Mozilla Firefox bug reportedly affecting Coinbase users

Mozilla has warned hackers are exploiting a critical “zero-day” exploit in its Firefox browser — and cryptocurrency owners are most at-risk, ZDNet reports.

Details of the bug are scarce, but Mozilla has described it as a “type confusion vulnerability” that could occur when interacting with JavaScript objects.

“This can allow for an exploitable crash,” reads Mozilla’s latest patch note. “We are aware of targeted attacks in the wild abusing this flaw.”

Samuel Groß, one of the security researchers who found and reported the bug, confirmed he did so way back on April 15 — over two months ago.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

“The first public fix then landed about a week ago,” Groß tweeted earlier today. He then said security fixes for Firefox are usually held back until the next full release is prepared to launch.

According to Groß, hackers are able to exploit the bug for “Remote Control Execution“, or RCE, but it would only be effective under certain conditions.

RCE usually affords attackers complete control over a targeted web server. In this case, considering the contents of Mozilla’s patch notes, it seems major cryptocurrency exchange Coinbase has been targeted directly.

“However, most likely it can be exploited for [Universal Cross-Site Scripting (UXSS) attacks] which might be enough depending on the attacker’s goals,” Groß continued.

UXSS attacks often lead to loss of sensitive information, such as usernames, passwords, and other critical credentials.

So far, no specific details of how the bug has been exploited have been released. Hard Fork has reached out to Coinbase for more information, and will update this piece should we receive a reply.

Mozilla has now released a patch, and urged users to update their browsers as soon as possible.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with