Altcoin News: Firefox Critical Vulnerability Threatens Cryptocurrency Users: Update Required

June 19, 2019, by Marko Vidrih on ALTCOIN MAGAZINE

The Coinbase Security team and Google security researcher Samuel D. Gross discovered a zero-day vulnerability in the popular Mozilla Firefox browser, which can be used to implement a so-called type-mixing attack using Javascript objects.

This exploit was registered by experts under the code number CVE-2019–11707. It is known that in real conditions it has already been used to carry out attacks on users of cryptocurrency.

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop . This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw,” says a publication on the Firefox website.

Vulnerabilities of zero-day are called critical problems in the security of systems, information about which becomes known to third parties even before the release of the patch by the developers, because of which the latter has literally 0 days in stock to eliminate the defect.

Firefox assigned a critical or top-level threat to this vulnerability:

“Critical threat — A vulnerability can be used to launch an attacker code and install software without user involvement other than using a normal browser.”

The last time a problem of this level was detected in Firefox in 2016. Much of the information on the vulnerability itself is hidden from the general public — probably because of the continuing potential danger.

On Tuesday, the release of an updated version of Mozilla Firefox 67.0.3 appears, in which the problem was fixed. Cryptocurrency users are strongly recommended to upgrade to the latest version.

Author: Marko Vidrih