Share this article
Mozilla Closes Holes That Led to Coinbase Hacks
Hackers used two simple Mozilla vulnerabilities to spear-phish Coinbase employees.
By John Biggs
Updated Sep 13, 2021, 9:21 a.m. Published Jun 24, 2019, 3:30 p.m.
Make us preferred on Google
A pair of simple Mozilla vulnerabilities made it easier for hackers to phish Coinbase employees. The exploit, detailed by ZDNet, was a remote code execution attack that could force machines running Firefox to install spyware to capture passwords and other data.
The two vulnerabilities - CVE-2019-11708 and CVE-2019-11707 - first appeared in April 15 and hackers used them to spear-phish Coinbase employees. When they visited sites linked in the email the browser would download a piece of spyware to steal logins and other data.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Some detail from the exploit suggests that the bug could escalate privileges outside of the "sandbox" where most Mozilla code runs:
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.
The two vulnerabilities combined to create a perfect storm, allowing hackers to run malware installers instantly. Researchers discovered the exploits on April 15 and they suspect that hackers saw them in Mozilla's Bugzilla bug tracking database and exploited them before they could be patched. The hack did not effect Coinbase users.
is asking users to update their browsers in order close these holes.
Image via Shutterstock.
More For You
Pudgy Penguins is building a multi-vertical consumer IP platform — combining phygital products, games, NFTs and PENGU to monetize culture at scale.
What to know:
Pudgy Penguins is emerging as one of the strongest NFT-native brands of this cycle, shifting from speculative “digital luxury goods” into a multi-vertical consumer IP platform. Its strategy is to acquire users through mainstream channels first; toys, retail partnerships and viral media, then onboard them into Web3 through games, NFTs and the PENGU token.
The ecosystem now spans phygital products (> $13M retail sales and >1M units sold), games and experiences (Pudgy Party surpassed 500k downloads in two weeks), and a widely distributed token (airdropped to 6M+ wallets). While the market is currently pricing Pudgy at a premium relative to traditional IP peers, sustained success depends on execution across retail expansion, gaming adoption and deeper token utility.
More For You
Meta and Microsoft continue going big on AI Spending. Here's how bitcoin miners could benefit
In its fourth quarter earnings report, Meta said capital spending plans for 2026 should be in the range of $115-$135 billion, well ahead of consensus forecasts.
What to know:
- Fourth-quarter earnings results from Microsoft (MSFT) and Meta (META) suggested no slowdown in AI-related spending.
- Microsoft highlighted that AI is now one of its largest businesses and pointed to long-term growth.
- Meta projected sharply higher capital spending in 2026 to fund its Meta Super Intelligence Labs and core business.
Top Stories
