Mozilla has released patches for the bug reported by Coinbase.
Mozilla has patched a critical vulnerability under active exploit in the Firefox browser.
Digital currency exchange Coinbase reported the vulnerability to Mozilla after discovering it in use for targeted attacks. According to the Mozilla advisory, the type confusion vulnerability (CVE-2019-11707) "can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash."
The researcher who discovered the flaw – Samuel Groß of Google Project Zero and Coinbase Security – stated on Twitter: "The bug can be exploited for RCE but would then need a separate sandbox escape. However, most likely it can also be exploited for UXSS which might be enough depending on the attacker's goals."
The vulnerability has been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1. Read more here and here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024