
Recent Firefox Zero-Day Flaw Was Used in Attacks Against Coinbase Employees

The recently reported Firefox zero-day flaw was used by hackers to attack Coinbase employees on June 17.

The recent Firefox zero-day security flaw was used in attacks against major crypto exchange and wallet service Coinbase, according to a tweet from Coinbase security researcher Philip Martin posted on June 20.

According to Martin, the critical zero-day vulnerability in Mozilla’s Firefox web browser, which was announced on June 18, was used together with another zero-day flaw in attacks that targeted Coinbase employees, meaning that two separate Firefox zero-days were involved.

The Coinbase security expert tweeted:

“On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.”

Martin added that Coinbase was not the only crypto-related company targeted in the campaign, and that the firm is working to report to other businesses that it believes were also targeted. He emphasized that the company’s security team has seen “no evidence” that the exploit targeted Coinbase customers.

Coinbase Security first reported the security flaw along with Samuel Groß, a security researcher with Google Project Zero, who said that he first reported the bug to Mozilla on April 15, 2019.

Following these reports, Mozilla released security updates for its browser, admitting that the company is “aware of targeted attacks in the wild abusing this flaw.”

Specifically, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to fix the reported zero-day flaw, tracked as CVE-2019-11707, noting that a “confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.”

Recently, crypto enthusiast John McAfee’s crypto trading platform suffered a denial-of-service (DoS) attack by hackers immediately after its launch.


Firefox Browser To Address Crypto Malware Concerns In Upcoming Update

Mozilla Firefox To Combat CryptoMining

The Mozilla Foundation, the California-based firm behind the ever so popular Firefox browser, has finally made its first formal mention of the nascent cryptocurrency industry, but sadly not in an optimal context.

On August 30th, Mozilla issued a blog post highlighting a series of upgrades it intends to make for its flagship product, the Mozilla Firefox browser.

The technology firm outlined a series of improvements that were meant to increase the performance and security of the browser, which included improving page load speeds, “removing cross-site tracking,” and most importantly, mitigating harmful practices enacted by malicious users.

Although this may be dull to some, what caught the eye of many cryptocurrency enthusiasts was the mention of “cryptomining scripts” in the aforementioned post. The firm noted that it intends to crack down on sites that introduce cryptomining scripts onto consumer computers, adding that future versions of Firefox will “block these practices by default.”

Mozilla Product VP Nick Nguyen, who authored the post, elaborated on the plan, writing:

“Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.”

Nguyen went on to explain that this move will give consumers “a voice” and will help to “empower Firefox users” to be more in control of their experience on the web. This feature will first be beta tested on Firefox Nightly, which will ensure that malicious scripts are blocked effectively.

Mozilla isn’t the only firm to take a harsh stance against cryptomining, as many prominent companies consider it a threat to the security and safety of millions of consumers around the globe, especially in a world that is becoming increasingly digital.

As reported by Ethereum World News previously, Google has taken a harsh stance against cryptomining, recently establishing a rule that banned all cryptocurrency mining applications from its mobile play store and web store. Although the technology giant has shown the slightest hints of interest in blockchain technologies, it seems that the firm intends to remain heavy-handed when it comes to products relating to the potentially malicious action of cryptomining, cryptojacking and the like.

Opera, which sits behind Google Chrome, Firefox, Microsoft’s Edge and Apple’s Safari in browser popularity, has also taken a stance against in-browser “bitcoin mining,” and was ahead of the curve, as it introduced anti-bitcoin mining measures in January 2018.

Although cryptocurrencies are undoubtedly seeing adoption, acceptance, and growth in every nook and cranny, it goes without saying that there are still issues with this newfangled technology. Whether it be the aforementioned cryptomining epidemic or the widespread hacking of wallets, it is clear that security remains a legitimate concern for many.


Firefox Plans to Block Crypto Mining Malware in Future Releases

Firefox, the popular Web browser, will soon begin automatically blocking crypto mining malware scripts as part of a wider performance-enhancing push.

The Mozilla Foundation, the not-for-profit organization behind the open-source browser, said Thursday that it intends to block trackers and other “harmful practices” in upcoming releases.

Some of these features, such as the anti-tracking function, are already available in its Firefox Nightly beta version.

The goal is to prevent third-party scripts from hampering the user experience, according to Mozilla vice president of product Nick Nguyen. These scripts are generally embedded within websites and can commandeer a user’s computing power without their knowledge.

Scripts that hijack an individual’s unused computer power to mine cryptocurrencies also fall into this category.

“Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common,” Nguyen wrote, adding:

“For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control. Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.”

The Firefox Nightly version will be used to test the functionality of the new features. And if successful, users may begin seeing them enabled by default in the Firefox 63 release.

Mozilla joins other browser developers, including Opera and Google, in trying to protect its users from malicious miners, which can slow down the user experience at best and damage their computers at worst.

Opera announced in January that it was rolling out miner protection to the smartphone version of its browser, which would also be active by default. The company already offered cryptominer protection on its desktop version.

Google, meanwhile, has banned any cryptomining apps from its Play Store, though it has not made any official statements regarding automatically blocking scripts embedded within websites.
