Firefox Zero-Day Exploited to Deliver Malware to Cryptocurrency Exchanges

[silversurfer]

The recently patched Firefox vulnerability tracked as CVE-2019-11707 has been exploited to deliver Windows and Mac malware to the employees of cryptocurrency exchanges.
 
Mozilla announced on Tuesday that the latest update for Firefox patched a critical type confusion zero-day that had been exploited in targeted attacks. The Tor Project has also updated its browser, which is based on Firefox, to address the vulnerability.
 
The flaw was reported to Mozilla by the security team at cryptocurrency exchange Coinbase and Samuel Groß of Google Project Zero, but initially no details were made available on the attacks.
 
Philip Martin of the Coinbase security team revealed on Twitter that CVE-2019-11707 had been used alongside another unpatched Firefox vulnerability, a sandbox escape weakness, to target Coinbase employees. Martin said the attackers also targeted other cryptocurrency-related organizations.

SOURCE: https://www.securityweek.com/firefox-zer...-exchanges