
Mozilla patches major zero-day Firefox flaw

(Image credit: David McBee / Pexels)

Firefox was patched earlier this week to fix a critical vulnerability that was apparently being abused to rob people of their cryptocurrency.

The Mozilla team patched the vulnerability, bringing its browser, Firefox, to version 67.0.3. The team urges everyone using Firefox to update immediately.

"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop," Mozilla engineers wrote in a security advisory posted today. "This can allow for an exploitable crash," they added. "We are aware of targeted attacks in the wild abusing this flaw."

The flaw is tracked as CVE-2019-11707.

Details about the flaw itself are scarce, but given that it was first discovered by Samuel Groß, a security researcher with Google's Project Zero security team, and the Coinbase Security team, it's safe to assume that the zero-day targeted cryptocurrency owners.

Not so long ago, Mozilla released new security tools for Firefox, with the aim of preventing malicious actors from stealing fingerprints and engaging in cryptojacking.

Cryptojacking is a form of malware that hijacks a device and uses its computing power to mine cryptocurrency. A single, average computer or laptop can mine only negligible amounts of cryptocurrency, but when you infect hundreds, if not thousands, of machines and have them all mine, you can get your hands on quite a few virtual greens. Especially when the electricity bill is being paid by someone else.
