Firefox Users Warned to Patch Critical Flaw | Cybersecurity

Mozilla is urging users of its Firefox browsers to update them immediately to fix a critical zero-day vulnerability. Anyone using Firefox on a Windows, macOS or Linux desktop is at risk.

The vulnerability, CVE-2019-11707, is a type confusion in Array.pop. It has been patched in Firefox 67.0.3 and Firefox ESR 60.7.1.

Mozilla announced the patch Tuesday, but the vulnerability was discovered by Samuel Groß of Google Project Zero on April 15.

Mozilla implemented the fix after digital currency exchange Coinbase reported exploitation of the vulnerability for targeted spearphishing attacks.

"On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign," Selena Deckelmann, senior director, Firefox Browser Engineering, told TechNewsWorld. "In less than 24 hours, we released a fix for the exploit."

The Significance of the Coinbase Hack

Hackers have been going after cryptocurrency with a vengeance. There have been as many attacks in the first half of this year as there were through the whole of last year, according to Cointelegraph.

So far this year, tens of millions of dollars' worth of cryptocurrencies have been stolen from exchanges, Cointelegraph said.

Cybercriminals stole nearly one billion dollars' worth of cryptocurrency by Q3 last year, Ciphertrace reported.

The attack on Coinbase is in keeping with the trend.

The exchange has been targeted repeatedly. In 2018, a string of hacks cost it more than 40 bitcoins.

In January, Coinbase temporarily froze all trading on Ethereum Classic after it detected an attack on the cryptocurrency's network.

The spearphishing attacks could be an attempt to gain control of the majority of a blockchain network's power, in what's called a "51 percent attack."

David Vorick, cofounder of blockchain-based file storage platform SIA, declared 2019 the year of the 51 percent attack.

Technical Details of the Flaw

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, Mozilla said.

An array in JavaScript is a single variable used to store multiple elements. It often is used when devs want to store a list of elements and access them with a single variable.

A type, or data type, is an attribute of data that tells the compiler or interpreter how the programmer intends to use the data. It constrains the values that an expression such as a variable or a function might take, defining the operations that can be carried out on the data, the meaning of the data, and the way values of that type can be stored.

Type confusion occurs when a program uses one type to allocate or initialize a resource, such as an object, pointer or variable, but later uses another type that is incompatible with the first to access that resource. That can trigger logical errors because the resource does not have the expected properties. In some cases, it can lead to code execution.

The pop() method removes the last element from an array, returns that element, and changes the array's length.

"Array.pop is usually used with Array.push to delete and add new values to the array by developers," remarked Usman Rahim, digital security and operations manager at The Media Trust.

"This technique is also used by many malicious actors to shuffle obfuscated malicious code during execution," he told TechNewsWorld.

The Threat Level

Groß said the flaw can be exploited for remote code execution (RCE) and for universal cross-site scripting (UXSS).

Both methods have been used widely in past hack attacks.

RCE "will have the user at an attacker's mercy by thoroughly compromising the application and the Web server," Rahim said. Sophisticated attackers who know what they are looking for "can deal a severe blow."

UXSS is just as dangerous because it opens gates for attackers to inject malicious code and bypass or disable the browser's security features, he noted. It "can also be used as a first step to disable security in conjunction with other attacks."

Most exploits reported "are theoretical without evidence of active use," said Rob Enderle, principal analyst at the Enderle Group.

"This one has evidence of active use, meaning it's known and already people are taking advantage of it," he told TechNewsWorld.

"Given it was used in an attack, it's very dangerous, but it has been fixed," Enderle said. "This showcases that keeping your software products, particularly browsers, patched and up to date is incredibly important. Patching remains your best defense."
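To act on that advice across more than one machine, the sketch below checks reported Firefox version strings against the two fixed releases named above, Firefox 67.0.3 and Firefox ESR 60.7.1. It is an added example, not code from Mozilla or from this article; the inventory entries and host names are constructed, and the `Mozilla Firefox <version>[esr]` string format is an assumption about how versions are collected.

```python
import re

# Fixed versions as stated in the article.
FIXED_RELEASE = (67, 0, 3)  # Firefox 67.0.3
FIXED_ESR = (60, 7, 1)      # Firefox ESR 60.7.1

# First dotted number in the string, e.g. "67.0.2" or "60.7" (patch optional).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found.

    Assumption: ESR builds carry "esr" somewhere in the reported string,
    e.g. "Mozilla Firefox 60.7.0esr" or "Firefox ESR 60.7.0".
    """
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = match.groups()
    is_esr = "esr" in text.lower()
    return (int(major), int(minor), int(patch or 0)), is_esr


def patch_status(version_text):
    """Classify one version string as 'patched', 'needs-update' or 'unknown'.

    A build is compared only against the fixed version of its own channel.
    Anything older is flagged, since the article treats every desktop
    Firefox below the fixed releases as at risk.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    version, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host to its status; inventory is (host, version_text) pairs."""
    return {host: patch_status(text) for host, text in inventory}


def hosts_needing_action(inventory):
    """Hosts that are not confirmed patched, including unparseable entries."""
    return sorted(h for h, s in audit(inventory).items() if s != "patched")


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 67.0.2"),
    ("ws-02", "Mozilla Firefox 67.0.3"),
    ("ws-03", "Mozilla Firefox 60.7.0esr"),
    ("ws-04", "Mozilla Firefox 60.7.1esr"),
    ("ws-05", "Mozilla Firefox 60.8.0"),   # non-ESR 60.x is older than 67.0.3
    ("ws-06", "version query failed"),
]

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
    print("follow up:", ", ".join(hosts_needing_action(SAMPLE_INVENTORY)))
```

Entries that cannot be parsed are reported as `unknown` and kept in the follow-up list rather than assumed safe.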

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
