Mozilla recently rolled out a fix for a critical bug that hackers were actively exploiting to take control of vulnerable systems. Now, it has released a patch for yet another zero-day bug. According to ZDNet, infiltrators used the two flaws in tandem to target Coinbase employees: the first one allowed them to run malicious codes through Firefox from afar, while the second one gave them a way to escape from the Firefox protected process.
Apparently, the attackers sent spear-phishing emails to the cryptocurrency exchange’s personnel to lure them to a website designed to automatically download and run an info-stealer if it’s loaded on Firefox. The malware they used worked on both Mac and Windows and could collect passwords and other data. A Google Project Zero researcher reported the first bug’s existence to Mozilla in April, but the browser-maker didn’t patch it up until after the Coinbase security team reported attacks on the company’s system using the two vulnerabilities.
It’s still unclear how the attackers knew about the bugs to create attacks meant to exploit them. And while Coinbase didn’t find evidence of exploitation targeting customers, Firefox users may still want to update their browsers, especially now that the flaws are public knowledge.