Firefox exploits involves Remote Code Execution and CryptoJacking

January 3, 2020
firefox mozilla ryptojacking spear phishing phishing remote code execution

The Mozilla Corporation has just patched a couple of zero-day weak points on its flagship browser – Firefox through two separate security updates. While the first zero-day flaw was described as a “remote code execution” vulnerability that enabled remote attackers to run a malicious code within the native process of the Firefox browser, the second one was known as a “sandbox escape” that allowed hackers to execute arbitrary codes on the operating system by escaping from Firefox’ security sandbox.

Several unknown hackers used the two Firefox security loopholes to plan a specific cryptojacking attack against Coinbase employees. The issue was confirmed by Coinbase Chief Information Security Officer (CISO) Philip Martin. Separately, one of the patched zero-day vulnerabilities has been found to give backdoor access to Apple Mac machines used for cryptocurrency exchange.

The remote code execution weak-point was registered as CVE-2019-11707 and it was first reported by a Google Project Zero security researcher. It was just patched earlier this week, just before fixing the sandbox escape issue that has been dubbed as CVE-2019-11708. Both vulnerabilities notably allowed the hackers to infiltrate the Coinbase staff.


Attack indicators shared by Mozilla CISO suggests that hackers would send a spear-phishing email to encourage the recipients to visit a website that can do remote code execution and collect personal data stored on Firefox. The hacking attack was particularly designed for both Apple Mac and Windows users.


Mozilla Corporation brought the Firefox Browser 67.0.3 and Firefox ESR 60.7.1 to fix the primary zero-day weak point. Afterwards, it released the Firefox Browser 67.0.4 and Firefox ESR 60.7.2 to patch the second zero-day weak point that was associated with the sandbox escape issue and contributed to the Coinbase hacking attack.

The exploit overrides Apple’s built-in security protocols, including XProtect and Gatekeeper, to install malicious contents on Apple Mac machines through Firefox. Microsoft Windows and Apple Mac users are urged to install the updated Firefox browser on their computers to avoid any or further spread of the incident.

About the author

Leave a Reply