Another zero day found in Mozilla Firefox it’s causing unrest among TOR users

According to information security audit specialists Mozilla has corrected its Firefox browser for the second time this week after receiving an alert about a spear phishing campaign targeting users of the Coinbase cryptocurrency exchange platform.

According to reports, a hacker group has directed some phishing emails against Coinbase staff; these messages contain links to malicious websites. If the user falls into the game of hackers and clicks on any of these links using Firefox, a malware would download and run automatically on the system. According to information security audit experts, this malware is capable of stealing passwords from the browser, steal browsing history details, among other sensitive data.

Firefox’s engineering officers recently commented: “Coinbase cryptocurrency platform reported an exploited vulnerability to run a phishing campaign against them; the fault was patched less than a day after Mozilla received the report”. Firefox version 67.0.4, the newer one, contains fixes for another zero-day vulnerability that functions as a sandbox escape when the flaw is succesfully exploited.

The hacker’s goal was to break into Coinbase networks and steal cryptocurrency online wallet addresses, information security audit experts report. However, the staff of the exchange platform managed to block the attempts of the hackers; in addition, the update released by Mozilla almost completely reduces the chances of attack by this route.

According to specialists from the International institute of Cyber Security (IICS), attacks on Coinbase cryptocurrency platform would have begun weeks before the platform staff managed to detect them.  Coinbase haven’t mentioned yet how hackers discovered these security flaws.

The attacks exploiting this flaw not only occurred on Coinbase, other cryptocurrency exchange platforms were also attacked recently, although they are not necessarily related facts. The best thing for Firefox users is to check the browser version they are using and, if necessary, install the updates.