The recent Firefox’s zero-day security flaw was used in attacks against major crypto exchange and wallet service Coinbase, according to a tweet from Coinbase security researcher Philip Martin posted on June 20.
As Martin found, the reported critical zero-day vulnerability in Mozilla’s Firefox web browser, which was announced on June 18, has actually emerged along with another zero-day flaw that targeted Coinbase employees, meaning that there were two separate Firefox zero-day attacks.
The Coinbase security expert tweeted:
“On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.”
Martin continued that Coinbase was not the only crypto-related company targeted in the campaign, adding that the firm is working to report other businesses that they believe were also targeted. He emphasized that the company’s security team has seen “no evidence” that the exploit targeted Coinbase customers.
Coinbase Security first reported on the security flaw along with Samuel Groß, a security researcher with Google Project Zero’s security team, who argued that he first reported the bug to Mozilla on April 15, 2019.
Following these reports, Mozilla released security updates for its browser, admitting that the company is “aware of targeted attacks in the wild abusing this flaw.”