- Feb 4, 2016
- 2,520
So far, attacks are known only to target Mac users involved in cryptocurrency.
Hackers exploited a pair of potent zero-day vulnerabilities in Firefox to infect Mac users with a largely undetected backdoor, according to accounts pieced together from multiple people.
Mozilla released an update on Tuesday that fixed a code-execution vulnerability in a JavaScript programming method known as Array.pop. On Thursday, Mozilla issued a second patch fixing a privilege-escalation flaw that allowed code to break out of a security sandbox that Firefox uses to prevent untrusted content from interacting with sensitive parts of a computer operating system. Interestingly, a researcher at Google's Project Zero had privately reported the code-execution flaw to Mozilla in mid April.
Last edited by a moderator: