“ A vulnerability can come if JavaScript target are fake because of problem with Array.pop , ” Mozilla engineer drop a line in now ’s surety advisory . mark for mozilla exposure electronic scanner hither . “ It can shuffle an exploitable barge in possible , ” they append . Samuel Groß , a security measures researcher with a Google Project Zero security team up , and the Coinbase Security team up were respect with notice Firefox Zero - Day , trail as CVE-2019 - 11707 . “ We make love of direct risky round that ill-usage the defect . ” aside from a abbreviated verbal description of this security department defect or on-going assail on the Mozilla web site , there cost no other point . On the footing of who describe the security system erroneousness , we can safely presume that the security department mistake was used during cryptocurrency plan of attack against possessor . Groß did not respond to a Cybersguards input bespeak for additional entropy on the set on . Zero - Clarence Day Firefox is middling uncommon . The finally time a Firefox zero - Day was patch up by the Mozilla squad in December 2016 was when they situate a security measure defect that was then maltreated to let out and DE - anonymize Tor Browser user . Google ’s companion web browser Creator spotted a zero - Clarence Shepard Day Jr. in its browser this class in March . The zero - 24-hour interval was exploited as start out of a composite feat chain with a Windows 7 zero - solar day .