Skip to main content

Mozilla patches major zero-day Firefox flaw

(Image credit: Image Credit: David McBee / Pexels)

Firefox has been patched earlier this week to remove a critical vulnerability that was apparently being abused to rob people out of their cryptocurrency.

The Mozilla team patched the vulnerability, bringing its browser, Firefox, to version 67.0.3. The team urges everyone using Firefox to update immediately.

"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop," Mozilla engineers wrote in a security advisory posted today. "This can allow for an exploitable crash," they added. "We are aware of targeted attacks in the wild abusing this flaw."

The flaw has now been tracked as CVE-2019-11707.

The details about the flaw itself are scarce, but given that it was first discovered by Samuel Groß, a security researcher with Google Project Zero security team, and the Coinbase Security team, it’s safe to assume that the zero-day targeted cryptocurrency owners.

Not so long ago, Mozilla released new security tools for Firefox, with the aim of preventing malicious actors from stealing fingerprints and using cryptojacking.

Cryptojacking is a form of malware which hijacks the device and uses its computing power to mine cryptocurrency. A single, average computer or laptop can mine negligible amounts of cryptocurrency, but when you infest hundreds, if not thousands of machines and have them all mine, you can get your hands on quite a few virtual greens. Especially when the electricity bill is being paid by someone else.

Image Credit: David McBee / Pexels

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.