BTC
$103,314.57
-
0.21%
ETH
$2,539.77
-
2.95%
USDT
$1.0001
+
0.01%
XRP
$2.4552
-
4.37%
BNB
$652.03
-
0.33%
SOL
$170.50
-
3.73%
USDC
$0.9998
+
0.00%
DOGE
$0.2224
-
5.13%
ADA
$0.7699
-
4.12%
TRX
$0.2742
-
1.36%
SUI
$3.8780
-
1.48%
LINK
$16.22
-
4.65%
AVAX
$23.51
-
6.82%
XLM
$0.2956
-
3.39%
SHIB
$0.0₄1487
-
6.31%
HYPE
$25.48
+
0.86%
HBAR
$0.1985
-
4.19%
LEO
$8.8639
+
0.75%
BCH
$392.43
-
3.08%
TON
$3.0935
-
5.71%
Logo
  • News
  • Prices
  • Data
  • Indices
  • Research
  • Consensus
  • Sponsored
  • Sign In
  • Sign Up
Advertisement

Consensus 2025

Consensus 2025

Prices Increase This Friday

15:01:14:13

15

DAY

01

HOUR

14

MIN

13

SEC

Register Now
Markets
Share this article
X iconX (Twitter)LinkedInFacebookEmail

Mozilla Closes Holes That Led to Coinbase Hacks

Hackers used two simple Mozilla vulnerabilities to spear-phish Coinbase employees.

By John Biggs
Updated Sep 13, 2021, 9:21 a.m. Published Jun 24, 2019, 3:30 p.m.
fish hooks phishing

A pair of simple Mozilla vulnerabilities made it easier for hackers to phish Coinbase employees. The exploit, detailed by ZDNet, was a remote code execution attack that could force machines running Firefox to install spyware to capture passwords and other data.

The two vulnerabilities - CVE-2019-11708 and CVE-2019-11707 - first appeared in April 15 and hackers used them to spear-phish Coinbase employees. When they visited sites linked in the email the browser would download a piece of spyware to steal logins and other data.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Some detail from the exploit suggests that the bug could escalate privileges outside of the "sandbox" where most Mozilla code runs:

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

The two vulnerabilities combined to create a perfect storm, allowing hackers to run malware installers instantly. Researchers discovered the exploits on April 15 and they suspect that hackers saw them in Mozilla's Bugzilla bug tracking database and exploited them before they could be patched. The hack did not effect Coinbase users.

Mozilla

is asking users to update their browsers in order close these holes.

Image via Shutterstock.

MozillaNewsHacks
John Biggs

John Biggs is an entrepreneur, consultant, writer, and maker. He spent fifteen years as an editor for Gizmodo, CrunchGear, and TechCrunch and has a deep background in hardware startups, 3D printing, and blockchain. His work has appeared in Men’s Health, Wired, and the New York Times. He runs the Technotopia podcast about a better future.

He has written five books including the best book on blogging, Bloggers Boot Camp, and a book about the most expensive timepiece ever made, Marie Antoinette’s Watch. He lives in Brooklyn, New York.

Picture of CoinDesk author John Biggs

Only 2 articles remaining this month.

Sign up for free

About

  • About Us
  • Masthead
  • Careers
  • CoinDesk News
  • Crypto API Documentation

Contact

  • Contact Us
  • Accessibility
  • Advertise
  • Sitemap
  • System Status
DISCLOSURE & POLICES
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.
EthicsPrivacyTerms of UseCookie SettingsDo Not Sell My Info

© 2025 CoinDesk, Inc.
X icon
Sign Up
  • News
    Back to menu
    News
    • Markets
    • Finance
    • Tech
    • Policy
    • Focus
  • Prices
    Back to menu
    Prices
    • Data
      Back to menu
      Data
      • Trade Data
      • Derivatives
      • Order Book Data
      • On-Chain Data
      • API
      • Research & Insights
      • Data Catalogue
      • AI & Machine Learning
    • Indices
      Back to menu
      Indices
      • Multi-Asset Indices
      • Reference Rates
      • Strategies and Services
      • API
      • Insights & Announcements
      • Documentation & Governance
    • Research
      Back to menu
      Research
      • Consensus
        Back to menu
        Consensus
        • Consensus Toronto
        • Toronto Coverage
      • Sponsored
        Back to menu
        Sponsored
        • Thought Leadership
        • Press Releases
        • CoinW
        • MEXC
        • Phemex
        • Advertise
      • Videos
        Back to menu
        Videos
        • CoinDesk Daily
        • Shorts
        • Editor's Picks
      • Podcasts
        Back to menu
        Podcasts
        • CoinDesk Podcast Network
        • Markets Daily
        • Gen C
        • Unchained with Laura Shin
        • The Mining Pod
      • Newsletters
        Back to menu
        Newsletters
        • The Node
        • Crypto Daybook Americas
        • State of Crypto
        • Crypto Long & Short
        • Crypto for Advisors
      • Webinars & Events
        Back to menu
        Webinars & Events
        • Consensus 2025
        • Policy & Regulation Conference
      Select Language
      English enEspañol esFilipino filFrançais frItaliano itPortuguês pt-brРусский ruУкраїнська uk