Author

Topic: Another FireFox vulnerability that can hit WebWallets (update 20-June) (Read 270 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The bug was initially reported by the Coinbase Security Team, but they haven't yet said whether they were actually attacked via this method or not.

They were but attacked, but according to the article the attack was not successful.

https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/

-Dave
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
They released 67.0.4 today. So even if you updated yesterday, you get to do it again today.

-Dave
legendary
Activity: 2268
Merit: 18771
But, if you are using web wallets or an exchange that relies on JavaScript update your FireFox to 67.0.3
This doesn't just affect web wallets. It can affect your entire machine, including all wallets and any other sensitive data you may have on it. All Firefox users should upgrade immediately.

An "exploitable crash", as in the case of this bug, allows arbitrary code to be transferred and then ran outside of your browser. An attacker could do anything they want to your system after that if you have lax security measures in place. You can read more here: https://www.cisecurity.org/advisory/a-vulnerability-in-mozilla-firefox-could-allow-for-arbitrary-code-execution_2019-067/

The bug was initially reported by the Coinbase Security Team, but they haven't yet said whether they were actually attacked via this method or not.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Yeah I have to use mew on my trezor and it annoys me that there's no address verification like there is with bitcoin.

They used to enable noscript by default on Firefox, those were good times...
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Yet again why are you using web wallets?

This is for me one of the main problems of Ethereum in my opinion. They don´t have a proper desktop wallet.
Users are always forced to use something like metamask, mycrypto, myetherwallet or whatever browsing solution. Even Hardware wallet such as Ledger Nano relies on those software to make transactions.

In bitcoin you really shouldn't be using any web or browser wallets (such as addons) at all.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Yet again why are you using web wallets?
But, if you are using web wallets or an exchange that relies on JavaScript update your FireFox to 67.0.3 67.0.4

A bit more info here but you have to do another update.
https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/

-Dave
Jump to: