Philip Martin of Coinbase security research reported via Twitter on June 20th that the critical zero-day security flaw discovered in Mozilla’s Firefox web browser on June 18th was actually one of two zero-day vulnerabilities that appeared simultaneously, and that their primary targets were individuals working for Coinbase.
“On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees,” Martin further revealed.
Martin also shared that Coinbase was not the only business in the crypto field to fall victim to the hackers, and added that it is working to notify any crypto-focused companies that have potentially suffered damage from the campaign. Martin stressed that Coinbase’s security department has found “no evidence” the exploitation targeted Coinbase clients.
Samuel Groß, a security researcher with Google Project Zero’s security team, also uncovered the security flaw together with Martin’s team, and had previously warned Mozilla about the bug on April 15th this year.
After the reports, Mozilla patched the security flaw and updated its web browser with the fix in Firefox 67.0.3 and Firefox ESR 60.7.1, while also admitting that it is “aware of targeted attacks in the wild abusing this flaw.”