Just the other day, Mozilla issued a patch for a recently-discovered zero-day vulnerability discovered in its Firefox browser. Unfortunately, it turns out that was not the only security flaw that the browser had because according to a report from ZDNet, it seems that Mozilla has since released yet another security patch for another zero-day flaw.
This particular vulnerability was discovered and used to target Coinbase employees and other cryptocurrency organizations. This vulnerability was found to be actively exploited, so unlike some other zero-day flaws discovered in the past, this actually poses a threat to Firefox users, especially those who might be dealing in cryptocurrency.
The report claims that the attack would work when Coinbase employees would receive spear-phishing emails that would contain links to malicious websites. If those links were clicked and visited using the Firefox browser, it would then download and execute an info-stealer application that would be able to scrap data like browser passwords.
However, the good news is that the flaw has since been patched so all users need to do is ensure that they have the latest version of Firefox and they’ll be good. This should be both Firefox 67.0.4 and Firefox ESR 60.7.2.