Mozilla had recently rolled out a fix for a critical vulnerability that hackers were actively exploiting to take control of buggy systems. And now, Mozilla has yet again patched its Firefox browser for a second time in response to a spear phishing attack targeted towards employees of cryptocurrency exchange Coinbase, ZDNet reports.
“The remote code execution bug is listed as CVE-2019-11707 and was first reported by a Google Project Zero researcher. It was patched earlier this week, just before fixing the sandbox escape issue that has been listed as CVE-2019-11708. Both flaws notably enabled the attackers to impact the Coinbase staff,” which was noted by ZDNet.
“On Monday, Coinbase detected and blocked an attempt by an attacker to leverage the reported zero-day along with a separate zero-day Firefox sandbox escape, to target Coinbase employees,” saidCoinbase CISO Martin on Twitter. “We walked back the entire attack, recovered, and reported the zero-day to Firefox, pulled apart the malware and infra[structure] used in the attack and are working with various orgs to continue burning down [the] attacker infrastructure and digging into the attacker involved.”
The high-severity sandbox-escape flaw roots out from the insufficient vetting of “Prompt:Open” interprocess communication (IPC) messages, which are passed between different processes on the browser. The flaw “can result in the non-sandboxed parent process opening web content chosen by a compromised child process,” according to Mozilla’s advisory.
However, it’s still unclear how the attackers came to know about the bugs to create attacks meant in order to exploit them. And while Coinbase didn’t find any evidence of exploitation targeting customers, Firefox users may still want to update their browsers, especially now since the flaws have become public knowledge.