'Hackers exploited a pair of potent zero-day vulnerabilities in
Firefox to infect Mac users with a largely undetected backdoor,
according to accounts pieced together from multiple people.
Mozilla released an update on Tuesday that fixed a code-execution
On Thursday, Mozilla issued a second patch fixing a
privilege-escalation flaw that allowed code to break out of a security
sandbox that Firefox uses to prevent untrusted content from
interacting with sensitive parts of a computer operating system.
Interestingly, a researcher at Google's Project Zero had privately
reported the code-execution flaw to Mozilla in mid-April.
On Monday, as Mozilla was readying a fix for the array.pop flaw,
unknown hackers deployed an attack that combined working exploits for
both vulnerabilities. The hackers then used the attack against
employees of Coinbase, according to Philip Martin, chief information
security officer for the digital currency exchange.'
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174