The Attack Route for CoinBase Exchange, Firefox’s Vulnerability Calls for Emergency Upgrade

On June 20th, Mozilla unveiled its latest stable emergency desktop version of "Firefox" after the attacks on the cryptocurrency exchange, Coinbase through Firefox's zero-day vulnerability sandbox bypass.

This update resolves the problem of insufficient parameter validation in 'Prompt:Open' where messages are exchanged between the parent process and the subprocess (CVE-2019-11708). It was possible that a subprocess that had a vulnerability opened Web content from a higher process that was not protected by sandboxes, allowing arbitrary code execution by combining with other vulnerabilities. The risk phase also affects the corporate-only extended support plate "Firefox ESR," which is the second "High" in the four-tier standard based on Mozilla standards.

Such issue was used in attacks targeting employee personal computers on the cryptocurrency exchange, Coinbase along with a vulnerability modified to 'Firefox 67,' (CVE-2019-1707). Fortunately, the attack was immediately blocked, leaving no damage to customers. However, since people cannot rule out the possibility of other attacks, it would be better to keep high security by updating the platform whether you are a cryptocurrency user or not.

Reporter James Lee (news@dailycoinews.com)의 기사 더 보기

- Daily Coin News prioritizes the voice from the scene over others(news@dailycoinews.com) -

- 기사에 사용된 모든 자료에 대한 책임은 작성자 본인에게 있습니다 -

[copyrightⓒ 2018 All rights reserved by Daily Coin News]

Bitcoin price when registering article
BTC-USD : $ 10,822.00 USD (API by Bitfinex)

2 0 Write