Bitcoin
$28,071.99-1.90%
Ethereum
$1,798.74+0.21%
XRP
$0.54461053+2.34%
Binance Coin
$316.59+1.36%
Arbitrum
$1.38+2.91%
Cardano
$0.37836200+0.42%
Stellar
$0.11120200+8.43%
Aptos
$11.21-0.79%
Dogecoin
$0.07469156-0.50%
Polygon
$1.09-1.75%
Solana
$20.40-2.52%
Binance USD
$0.99972476+0.00%
Chainlink
$7.35-0.76%
Polkadot
$6.21+0.77%
Crypto.com
$0.06806516-0.93%
Litecoin
$89.31-0.79%
Shiba Inu
$0.00001062+0.21%
Tron
$0.06540351+1.87%
Uniswap
$5.93+0.14%
Avalanche
$17.38+1.07%
Wrapped Bitcoin
$28,122.36-1.67%
Cosmos
$11.19+0.19%
Quant
$124.81-0.90%
Ethereum Classic
$20.36-0.13%
Monero
$155.86-2.95%
Internet Computer
$5.08+1.11%
dYdX
$2.48+0.21%
Bitcoin Cash
$121.64-0.77%
Lido DAO
$2.32-1.88%
Filecoin
$5.55-1.59%
Stepn
$0.38294804-0.83%
Hedera
$0.06893229+6.95%
Curve DAO Token
$0.91928317-1.70%
VeChain
$0.02293192-0.06%
NEAR Protocol
$1.92-1.93%
Algorand
$0.22203159-1.19%
ApeCoin
$4.11+0.58%
EOS
$1.18+2.34%
The Graph
$0.14273633-1.13%
Fantom
$0.45385034+0.11%
Decentraland
$0.57370139-2.14%
Stacks
$0.91887770-3.97%
NEO
$12.28-3.17%
Aave
$71.83-0.94%
The Sandbox
$0.61584814-1.25%
Elrond
$42.22-2.69%
Tezos
$1.11-1.17%
Immutable X
$1.12+1.37%
Theta
$1.01-0.68%
Flow
$0.96313553-1.59%
Axie Infinity
$8.19-2.14%
Luna Classic
$0.00012294-0.15%
Synthetix
$2.43-2.06%
Paxos Dollar
$0.97955841-2.06%
Optimism
$2.29+3.12%
PancakeSwap
$3.68+0.78%
Bitcoin SV
$35.21-1.27%
Maker
$678.16-0.86%
Mina
$0.75534631-1.43%
Mask Network
$6.50+0.60%
Dash
$56.26-1.10%
Chiliz
$0.11761798-0.58%
BitTorrent
$0.00000063+0.38%
eCash
$0.00003065+0.03%
IOTA
$0.21050553-0.34%
Convex Finance
$5.33-0.75%
Zcash
$38.05+2.70%
PAX Gold
$1,985.58+0.32%
Zilliqa
$0.02781753-0.04%
Loopring
$0.35262912-1.14%
FTX Token
$1.33+0.71%
THORChain
$1.40-1.16%
Compound
$42.04-2.24%
Kava.io
$0.87918643-2.22%
Nexo
$0.69953168-4.89%
Enjin
$0.38830908-0.98%
Fetch.ai
$0.36284854-2.18%
Injective Protocol
$4.72+9.65%
Basic Attention Token
$0.24877000-0.98%
NEM
$0.03900553-0.50%
Woo Network
$0.20593156-1.53%
Ethereum Name Service
$13.33-0.43%
Celo
$0.65318326-2.66%
Yearn Finance
$8,742.87-0.82%
Qtum
$3.05-0.41%
Terra 2.0/LUNA
$1.28-0.33%
Kusama
$34.33-1.69%
Decred
$20.25-3.64%
Ravencoin
$0.02561023-0.25%
Gala
$0.04025206-2.36%
Oasis Network
$0.05780774+0.47%
Bitcoin Gold
$14.81-4.45%
Audius
$0.28156706-1.30%
SXP
$0.53298562+6.52%
Sushiswap
$1.07+0.29%
Ankr
$0.03261317+0.99%
IoTeX
$0.02613544+1.42%
0x
$0.23487902+0.65%
JasmyCoin
$0.00492176+0.38%
UMA Protocol
$2.06-1.65%
Band Protocol
$1.81-2.28%
OMG Network
$1.58-2.61%
Ribbon Finance
$0.21640668-3.99%
Joe
$0.63185863+11.02%
Moonbeam
$0.36750549-1.16%
Amp
$0.00373734-1.34%
Waves
$2.08-1.58%
Siacoin
$0.00387138-0.78%
TerraUSD
$0.01987300-7.90%
ICON
$0.21494328-0.93%
Polymath Network
$0.17715311+3.56%
Alchemy Pay
$0.03488591-0.86%
Livepeer
$6.79-2.16%
Skale
$0.03961969-1.26%
Nervos Network
$0.00492118-3.72%
NuCypher
$0.11992731-1.21%
Wax
$0.06831221+0.47%
Celsius
$0.36154921+7.37%
DigiByte
$0.00949416-0.42%
SafePal
$0.47328774-1.95%
Lisk
$1.03-0.50%
Cartesi
$0.14055158-1.53%
MetisDAO
$24.77-3.03%
Secret
$0.65749105-0.75%
iExec RLC
$1.68-1.82%
Nano
$0.87406296-1.04%
Numeraire
$18.65+0.37%
Keep Network
$0.19879784-2.11%
Syscoin
$0.16255723-3.00%
Ren
$0.10812026-0.72%
Bancor
$0.56006402-0.71%
Smooth Love Potion
$0.00265045-0.92%
Civic
$0.10453055-0.27%
Spell Token
$0.00071190+4.97%
Aragon
$2.48+0.29%
Voyager Token
$0.33287399+0.32%
Chromia
$0.15872865-0.73%
Augur
$7.97-2.38%
COTI
$0.07572315-0.67%
Vulcan Forged PYR
$3.49-3.41%
Steem
$0.20289009-3.69%
WazirX
$0.16644955-2.87%
MOBOX
$0.47109863-0.22%
Request
$0.09651489-2.20%
NKN
$0.10372025+0.69%
XYO Network
$0.00508182-2.20%
Sun Token
$0.00643392+0.82%
Serum
$0.21180169-0.73%
Storj
$0.37102961+1.67%
Orchid
$0.08841373+2.24%
Ampleforth Governance
$3.32-2.74%
Stormx
$0.00544998-1.86%
Verge
$0.00276784-0.86%
Moonriver
$8.06-3.06%
Yield Guild Games
$0.24442701-5.29%
Alpaca Finance
$0.29240962-2.40%
Polkastarter
$0.41412898-2.09%
Quickswap
$86.71+0.43%
Index Chain
$0.05322759+0.81%
Raydium
$0.22940610-2.23%
Enzyme
$20.81-2.25%
CLV
$0.06163734-1.55%
Harvest Finance
$34.41-1.70%
district0x
$0.02990646+6.69%
Kyber Network
$0.70622721-1.00%
Samoyedcoin
$0.00342160-0.42%
SuperRare
$0.11717003+0.46%
Mirror Protocol
$0.09215299-1.08%
Quantstamp
$0.01658869-0.17%
Star Atlas DAO
$0.26079144+0.40%
SingularDTV
$0.000402100.00%
Tether
$1.00+0.02%
USD Coin
$1.00+0.03%
Dai
$0.99777317-0.20%
PlayIconNav
Crypto Prices CoinDesk Market Index
Markets

Mozilla Closes Holes That Led to Coinbase Hacks

Hackers used two simple Mozilla vulnerabilities to spear-phish Coinbase employees.

By John Biggs
AccessTimeIconJun 24, 2019 at 3:30 p.m. UTC
Updated Sep 13, 2021 at 9:21 a.m. UTC
fish hooks phishing

Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
Secure Your Seat

Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
Secure Your Seat

A pair of simple Mozilla vulnerabilities made it easier for hackers to phish Coinbase employees. The exploit, detailed by ZDNet, was a remote code execution attack that could force machines running Firefox to install spyware to capture passwords and other data.

The two vulnerabilities - CVE-2019-11708 and CVE-2019-11707 - first appeared in April 15 and hackers used them to spear-phish Coinbase employees. When they visited sites linked in the email the browser would download a piece of spyware to steal logins and other data.

Some detail from the exploit suggests that the bug could escalate privileges outside of the "sandbox" where most Mozilla code runs:

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

The two vulnerabilities combined to create a perfect storm, allowing hackers to run malware installers instantly. Researchers discovered the exploits on April 15 and they suspect that hackers saw them in Mozilla's Bugzilla bug tracking database and exploited them before they could be patched. The hack did not effect Coinbase users.

Mozilla

is asking users to update their browsers in order close these holes.

Image via Shutterstock.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Author placeholder image

Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Author placeholder image
Read more about
MozillaNewsHacks