Coinbase Security found a sophisticated, highly targeted, thought out attack that used spear phishing/social engineering tactics and, most importantly, two Firefox 0-day vulnerabilities. The first phishing emails to go out contained no malicious elements. The attackers went through a qualification process and multiple rounds of emails with potential victims, making sure they were high-payoff targets before they directed victims to the page containing the exploit payload. After visiting the exploit page in Firefox, the exploit code was delivered from a separate domain, which was registered on May 28. The payload used used to install malware capable of taking over someones machine.”]
Source: https://blog.coinbase.com/responding-to-firefox-0-days-in-the-wild-d9c85a57f15b