Firefox exploit found in the wild
Summary
Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.
The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.
Created: 2026-02-23
Threat actors related to this Pulse (fact-based)
Score: 13.53
Matched TTPs:
- T1059.007 - JavaScript
- T1055 - Process Injection
- T1201 - Password Policy Discovery
- T1124 - System Time Discovery
- T1078.003 - Local Accounts
Score: 12.51
Matched TTPs:
- T1059.007 - JavaScript
- T1055 - Process Injection
- T1218.010 - Regsvr32
- T1564.001 - Hidden Files and Directories
- T1078.003 - Local Accounts
Score: 4.57
Matched TTPs:
- T1059.007 - JavaScript
- T1124 - System Time Discovery
Score: 4.43
Matched TTPs:
- T1059.007 - JavaScript
- T1055 - Process Injection
Score: 9.90
Matched TTPs:
- T1059.007 - JavaScript
- T1564.001 - Hidden Files and Directories
- T1124 - System Time Discovery
- T1078.003 - Local Accounts
Score: 7.18
Matched TTPs:
- T1059.007 - JavaScript
- T1055 - Process Injection
- T1218.010 - Regsvr32
Score: 7.72
Matched TTPs:
- T1059.007 - JavaScript
- T1124 - System Time Discovery
- T1027.015 - Compression
Score: 13.98
Matched TTPs:
- T1059.007 - JavaScript
- T1055 - Process Injection
- T1218.010 - Regsvr32
- T1588.005 - Exploits
- T1078.003 - Local Accounts
Score: 5.12
Matched TTPs:
- T1059.007 - JavaScript
- T1027.015 - Compression
Score: 4.64
Matched TTPs:
- T1059.007 - JavaScript
- T1564.001 - Hidden Files and Directories
Score: 7.75
Matched TTPs:
- T1114 - Email Collection
- T1588.005 - Exploits
Score: 3.84
Matched TTPs:
- T1588.006 - Vulnerabilities
Score: 6.44
Matched TTPs:
- T1588.006 - Vulnerabilities
- T1124 - System Time Discovery
Score: 6.59
Matched TTPs:
- T1588.006 - Vulnerabilities
- T1218.010 - Regsvr32
Score: 5.61
Matched TTPs:
- T1055 - Process Injection
- T1027.015 - Compression
Score: 9.26
Matched TTPs:
- T1055 - Process Injection
- T1078.003 - Local Accounts
- T1211 - Exploitation for Defense Evasion
Score: 7.00
Matched TTPs:
- T1055 - Process Injection
- T1056.004 - Credential API Hooking
Score: 5.61
Matched TTPs:
- T1055 - Process Injection
- T1027.015 - Compression
Score: 8.38
Matched TTPs:
- T1201 - Password Policy Discovery
- T1137.004 - Outlook Home Page
Score: 6.44
Matched TTPs:
- T1201 - Password Policy Discovery
- T1124 - System Time Discovery
Score: 5.90
Matched TTPs:
- T1218.010 - Regsvr32
- T1027.015 - Compression
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
Score: 4.54
Matched TTPs:
- T1608.006 - SEO Poisoning
Score: 10.93
Matched TTPs:
- T1564.001 - Hidden Files and Directories
- T1550.001 - Application Access Token
- T1211 - Exploitation for Defense Evasion
Score: 5.26
Matched TTPs:
- T1564.001 - Hidden Files and Directories
- T1124 - System Time Discovery
Score: 5.33
Matched TTPs:
- T1564.001 - Hidden Files and Directories
- T1078.003 - Local Accounts
Score: 9.46
Matched TTPs:
- T1564.001 - Hidden Files and Directories
- T1550.001 - Application Access Token
- T1078.003 - Local Accounts
Threat actors related to this Pulse (inference-based)
Score: 0.78
Matched TTPs:
- T1055 - Process Injection
- T1059.007 - JavaScript
- T1078.003 - Local Accounts
- T1201 - Password Policy Discovery
- T1124 - System Time Discovery
Score: 0.77
Matched TTPs:
- T1218.010 - Regsvr32
- T1055 - Process Injection
- T1059.007 - JavaScript
- T1078.003 - Local Accounts
- T1588.005 - Exploits
Score: 0.72
Matched TTPs:
- T1218.010 - Regsvr32
- T1055 - Process Injection
- T1059.007 - JavaScript
- T1078.003 - Local Accounts
- T1564.001 - Hidden Files and Directories
Score: 0.66
Matched TTPs:
- T1211 - Exploitation for Defense Evasion
- T1564.001 - Hidden Files and Directories
- T1550.001 - Application Access Token
Score: 0.60
Matched TTPs:
- T1564.001 - Hidden Files and Directories
- T1078.003 - Local Accounts
- T1059.007 - JavaScript
- T1124 - System Time Discovery
Score: 0.58
Matched TTPs:
- T1564.001 - Hidden Files and Directories
- T1078.003 - Local Accounts
- T1550.001 - Application Access Token
Related CVEs
No CVEs were found for this Pulse.