Trusted Design

• 重大度: Unknown
• 公開日: 2015-08-08
• 更新日: 2025-10-21

概要

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

このCVEに関連するMITRE ATT&CKテクニック

• T1560.001 - Archive via Utility
• T1602 - Data from Configuration Repository
• T1003.002 - Security Account Manager
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1063 - Security Software Discovery
• T1484.002 - Trust Modification
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1106 - Native API
• T1558 - Steal or Forge Kerberos Tickets
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1562.004 - Disable or Modify System Firewall
• T1185 - Browser Session Hijacking
• T1145 - Private Keys
• T1535 - Unused/Unsupported Cloud Regions
• T1155 - AppleScript
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1550.003 - Pass the Ticket
• T1083 - File and Directory Discovery
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1552.001 - Credentials In Files
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1598.002 - Spearphishing Attachment
• T1497.002 - User Activity Based Checks
• T1071.002 - File Transfer Protocols
• T1218.001 - Compiled HTML File
• T1219.003 - Remote Access Hardware
• T1036.012 - Browser Fingerprint
• T1078 - Valid Accounts
• T1068 - Exploitation for Privilege Escalation
• T1201 - Password Policy Discovery
• T1486 - Data Encrypted for Impact
• T1587.004 - Exploits
• T1203 - Exploitation for Client Execution
• T1595.003 - Wordlist Scanning
• T1184 - SSH Hijacking
• T1584.002 - DNS Server
• T1027.004 - Compile After Delivery
• T1656 - Impersonation
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1555.004 - Windows Credential Manager
• T1189 - Drive-by Compromise
• T1159 - Launch Agent
• T1538 - Cloud Service Dashboard
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1596.005 - Scan Databases
• T1173 - Dynamic Data Exchange

このCVEが関連しているPulses

• Firefox CVE-2015-4495 exploitation

CVEの関係性グラフ

---

← CVE一覧に戻る