Firefox Users Warned to Patch Critical Flaw | Cybersecurity

Mozilla is urging users of its Firefox browsers to update them immediately to fix a critical zero-day vulnerability. Anyone using Firefox on a Windows, macOS or Linux desktop is at risk.

The vulnerability, CVE-2019-11707, is a type confusion in Array.pop. It has been patched in Firefox 67.0.3 and Firefox ESR 60.7.1.
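For administrators checking a fleet against the two fixed versions named above, the following is an added example (not Mozilla's or the article's code). The inventory rows, host names and the "esr" suffix convention in the version strings are assumptions made for illustration.

```javascript
// Added example: flag Firefox installs older than the fixed builds in the article.
// Fixed versions come from the article; the inventory format is an assumption.
const FIXED_RELEASE = [67, 0, 3]; // Firefox 67.0.3
const FIXED_ESR = [60, 7, 1];     // Firefox ESR 60.7.1

// Parse "67.0.3", "67.0" or "60.7.1esr"; anything else (betas, junk) returns null.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$/i.exec(String(text).trim());
  if (!m) return null;
  return {
    parts: [Number(m[1]), Number(m[2]), Number(m[3] || 0)],
    esr: Boolean(m[4]),
  };
}

// Numeric comparison of [major, minor, patch]; returns -1, 0 or 1.
function compareParts(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function classify(text) {
  const v = parseVersion(text);
  if (!v) return "unknown"; // unparsed strings need manual review
  if (compareParts(v.parts, FIXED_RELEASE) >= 0) return "patched";
  // The ESR fix applies only to the 60.x ESR branch.
  if (v.esr && v.parts[0] === 60 && compareParts(v.parts, FIXED_ESR) >= 0) {
    return "patched";
  }
  return "needs-update";
}

// Return every host that is not confirmed patched.
function auditInventory(rows) {
  return rows
    .map((r) => ({ host: r.host, version: r.version, status: classify(r.version) }))
    .filter((r) => r.status !== "patched");
}

// Constructed sample inventory (hypothetical hosts).
const SAMPLE_INVENTORY = [
  { host: "desk-01", version: "67.0.3" },
  { host: "desk-02", version: "67.0.2" },
  { host: "desk-03", version: "60.7.1esr" },
  { host: "desk-04", version: "60.7.0esr" },
  { host: "desk-05", version: "68.0b12" },
];

console.log(auditInventory(SAMPLE_INVENTORY));
```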

Mozilla announced the patch Tuesday, but the vulnerability was discovered by Samuel Groß of Google Project Zero on April 15.

Mozilla implemented the fix after digital currency exchange Coinbase reported exploitation of the vulnerability for targeted spearphishing attacks.

"On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign," Selena Deckelmann, senior director, Firefox Browser Engineering, told TechNewsWorld. "In less than 24 hours, we released a fix for the exploit."

The Significance of the Coinbase Hack

Hackers have been going after cryptocurrency with a vengeance. There have been as many attacks in the first half of this year as there were through the whole of last year, according to Cointelegraph.

So far this year, tens of millions of dollars' worth of cryptocurrencies have been stolen from exchanges, Cointelegraph said.

Cybercriminals stole nearly one billion dollars' worth of cryptocurrency by Q3 last year, Ciphertrace reported.

The attack on Coinbase is in keeping with the trend.

The exchange has been targeted repeatedly. In 2018, a string of hacks cost it more than 40 bitcoins.

In January, Coinbase temporarily froze all trading on Ethereum Classic after it detected an attack on the cryptocurrency's network.

The spearphishing attacks could be an attempt to gain control of the majority of a blockchain network's power, in what's called a "51 percent attack."

David Vorick, cofounder of blockchain-based file storage platform SIA, declared 2019 the year of the 51 percent attack.

Technical Details of the Flaw

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, Mozilla said.

An array in JavaScript is a single variable used to store multiple elements. It often is used when devs want to store a list of elements and access them with a single variable.

A type, or data type, is an attribute of data that tells the compiler or interpreter how the programmer intends to use the data. It constrains the values that an expression such as a variable or a function might take, defining the operations that can be carried out on the data, the meaning of the data, and the way values of that type can be stored.

Type confusion occurs when a program uses one type to allocate or initialize a resource, such as an object, pointer or variable, but later uses another type that is incompatible with the first to access that resource. That can trigger logical errors because the resource does not have the expected properties. In some cases, it can lead to code execution.
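The definition above, as an added toy model (not Firefox code, and not a reproduction of the Array.pop bug): a slot stores eight raw bytes plus a type tag, one reader trusts a stale assumption about the type, and the other re-checks the tag at the point of use. The `Slot` class, the tag constants and the handle value are hypothetical.

```javascript
// Added example: a model of type confusion using typed-array views over raw bytes.
const TAG_DOUBLE = 1;
const TAG_OBJECT = 2;

class Slot {
  constructor() {
    this.tag = 0;
    this.raw = new ArrayBuffer(8); // one 64-bit value, stored as raw bytes
  }
  storeDouble(x) {
    new Float64Array(this.raw)[0] = x;
    this.tag = TAG_DOUBLE;
  }
  storeObjectHandle(handle) {
    // The handle stands in for a native pointer to an object.
    new BigUint64Array(this.raw)[0] = handle;
    this.tag = TAG_OBJECT;
  }
}

// Confused reader: assumes the slot still holds an object handle.
function readHandleUnchecked(slot) {
  return new BigUint64Array(slot.raw)[0];
}

// Correct reader: validates the type at the point of use.
function readHandleChecked(slot) {
  if (slot.tag !== TAG_OBJECT) {
    throw new TypeError("slot does not hold an object handle");
  }
  return new BigUint64Array(slot.raw)[0];
}

function demo() {
  const slot = new Slot();
  slot.storeObjectHandle(0x1000n);
  const before = readHandleUnchecked(slot); // assumption still true here

  slot.storeDouble(1.5); // the slot's type changes after the assumption was made

  // The bytes of the double 1.5 are now interpreted as a "pointer".
  const confused = readHandleUnchecked(slot);

  let rejected = false;
  try {
    readHandleChecked(slot);
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  return { before, confused, rejected };
}

console.log(demo());
```

In a native engine the confused value would be used as a memory address, which is why a missing type check can escalate from a logic error to code execution.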

The pop() method removes the last element from an array, returns that element, and changes the array's length.

"Array.pop is usually used with Array.push to delete and add new values to the array by developers," remarked Usman Rahim, digital security and operations manager at The Media Trust.

"This technique is also used by many malicious actors to shuffle obfuscated malicious code during execution," he told TechNewsWorld.

The Threat Level

Groß said the flaw can be exploited for remote code execution (RCE) and for universal cross-site scripting (UXSS).

Both methods have been used widely in past hack attacks.

RCE "will have the user at an attacker's mercy by thoroughly compromising the application and the Web server," Rahim said. Sophisticated attackers who know what they are looking for "can deal a severe blow."

UXSS is just as dangerous because it opens gates for attackers to inject malicious code and bypass or disable the browser's security features, he noted. It "can also be used as a first step to disable security in conjunction with other attacks."

Most exploits reported "are theoretical without evidence of active use," said Rob Enderle, principal analyst at the Enderle Group.

"This one has evidence of active use, meaning it's known and already people are taking advantage of it," he told TechNewsWorld.

"Given it was used in an attack, it's very dangerous, but it has been fixed," Enderle said. "This showcases that keeping your software products, particularly browsers, patched and up to date is incredibly important. Patching remains your best defense."

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
