Trusted Design

Mozilla Same origin violation and file stealing via PDF reader

概要

Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer. Mozilla has received reports that an exploit based on this vulnerability has been found in the wild.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

APT32

Score: 14.58
Matched TTPs:
  • T1216.001 - PubPrn
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
MITREへのリンク →

Ember Bear

Score: 9.25
Matched TTPs:
  • T1114 - Email Collection
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
MITREへのリンク →

Silent Librarian

Score: 3.62
Matched TTPs:
  • T1114 - Email Collection
MITREへのリンク →

Magic Hound

Score: 6.18
Matched TTPs:
  • T1114 - Email Collection
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
MITREへのリンク →

Scattered Spider

Score: 7.75
Matched TTPs:
  • T1114 - Email Collection
  • T1204 - User Execution
MITREへのリンク →

APT12

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Kimsuky

Score: 14.07
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1588.003 - Code Signing Certificates
  • T1588.005 - Exploits
  • T1078.003 - Local Accounts
MITREへのリンク →

Machete

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
MITREへのリンク →

Elderwood

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Transparent Tribe

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Dragonfly

Score: 8.07
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
MITREへのリンク →

Contagious Interview

Score: 5.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1204.004 - Malicious Copy and Paste
MITREへのリンク →

RTM

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
MITREへのリンク →

CURIUM

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
MITREへのリンク →

Tropic Trooper

Score: 8.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1078.003 - Local Accounts
MITREへのリンク →

Dark Caracal

Score: 5.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
MITREへのリンク →

DarkHydrus

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1221 - Template Injection
MITREへのリンク →

PLATINUM

Score: 10.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking
MITREへのリンク →

FIN8

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.003 - Code Signing Certificates
MITREへのリンク →

Threat Group-3390

Score: 11.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression
MITREへのリンク →

BITTER

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Ferocious Kitten

Score: 5.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override
MITREへのリンク →

APT37

Score: 7.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

PROMETHIUM

Score: 9.35
Matched TTPs:
  • T1204.002 - Malicious File
  • T1205.001 - Port Knocking
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
MITREへのリンク →

TA505

Score: 5.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.005 - Mark-of-the-Web Bypass
MITREへのリンク →

Higaisa

Score: 6.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression
MITREへのリンク →

Wizard Spider

Score: 7.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1588.003 - Code Signing Certificates
MITREへのリンク →

OilRig

Score: 13.59
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.001 - Compiled HTML File
  • T1201 - Password Policy Discovery
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
MITREへのリンク →

Sandworm Team

Score: 7.00
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.006 - Vulnerabilities
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Cobalt Group

Score: 5.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Inception

Score: 6.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

EXOTIC LILY

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Saint Bear

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Lazarus Group

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Patchwork

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

FIN7

Score: 4.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1078.003 - Local Accounts
MITREへのリンク →

APT28

Score: 12.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

APT19

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
MITREへのリンク →

TA2541

Score: 7.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1027.015 - Compression
MITREへのリンク →

Mofang

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression
MITREへのリンク →

Leviathan

Score: 8.07
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.015 - Compression
MITREへのリンク →

Tonto Team

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Andariel

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

BRONZE BUTLER

Score: 8.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT38

Score: 13.17
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
MITREへのリンク →

MuddyWater

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Mustang Panda

Score: 6.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
MITREへのリンク →

Molerats

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression
MITREへのリンク →

admin@338

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Gamaredon Group

Score: 10.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1221 - Template Injection
  • T1027.015 - Compression
MITREへのリンク →

Darkhotel

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

The White Company

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT33

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Silence

Score: 7.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Sidewinder

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT29

Score: 14.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.005 - Mark-of-the-Web Bypass
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1078.003 - Local Accounts
MITREへのリンク →

Confucius

Score: 6.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

BlackTech

Score: 9.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
MITREへのリンク →

Windshift

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
MITREへのリンク →

Volt Typhoon

Score: 3.84
Matched TTPs:
  • T1588.006 - Vulnerabilities
MITREへのリンク →

Storm-0501

Score: 3.84
Matched TTPs:
  • T1588.006 - Vulnerabilities
MITREへのリンク →

APT41

Score: 8.27
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Velvet Ant

Score: 9.26
Matched TTPs:
  • T1055 - Process Injection
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

Turla

Score: 10.73
Matched TTPs:
  • T1055 - Process Injection
  • T1201 - Password Policy Discovery
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
MITREへのリンク →

Ke3chang

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override
MITREへのリンク →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override
MITREへのリンク →

UNC3886

Score: 5.63
Matched TTPs:
  • T1205.001 - Port Knocking
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

LAPSUS$

Score: 4.13
Matched TTPs:
  • T1204 - User Execution
MITREへのリンク →

Chimera

Score: 3.84
Matched TTPs:
  • T1201 - Password Policy Discovery
MITREへのリンク →

Axiom

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Sea Turtle

Score: 4.16
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1078.003 - Local Accounts
MITREへのリンク →

Mustard Tempest

Score: 6.30
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
MITREへのリンク →

Medusa Group

Score: 4.54
Matched TTPs:
  • T1218.014 - MMC
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT32

Score: 0.77
Matched TTPs:
  • T1216.001 - PubPrn
  • T1189 - Drive-by Compromise
  • T1055 - Process Injection
  • T1203 - Exploitation for Client Execution
  • T1078.003 - Local Accounts
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

APT29

Score: 0.75
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1553.005 - Mark-of-the-Web Bypass
  • T1078.003 - Local Accounts
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1027.006 - HTML Smuggling
MITREへのリンク →

OilRig

Score: 0.73
Matched TTPs:
  • T1588.003 - Code Signing Certificates
  • T1203 - Exploitation for Client Execution
  • T1218.001 - Compiled HTML File
  • T1201 - Password Policy Discovery
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

Kimsuky

Score: 0.72
Matched TTPs:
  • T1588.003 - Code Signing Certificates
  • T1055 - Process Injection
  • T1588.005 - Exploits
  • T1078.003 - Local Accounts
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

APT38

Score: 0.69
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1055 - Process Injection
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.001 - Compiled HTML File
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

APT28

Score: 0.66
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1211 - Exploitation for Defense Evasion
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

Threat Group-3390

Score: 0.63
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression
  • T1203 - Exploitation for Client Execution
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

Turla

Score: 0.60
Matched TTPs:
  • T1078.003 - Local Accounts
  • T1201 - Password Policy Discovery
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
MITREへのリンク →

Gamaredon Group

Score: 0.57
Matched TTPs:
  • T1055 - Process Injection
  • T1027.015 - Compression
  • T1221 - Template Injection
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

BlackTech

Score: 0.57
Matched TTPs:
  • T1588.003 - Code Signing Certificates
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る