{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/firefox/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-4729","memory-corruption","firefox","thunderbird","rce"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4729 describes memory safety vulnerabilities present in Firefox 148 and Thunderbird 148. According to the NVD analysis, some of these bugs exhibit memory corruption, suggesting a potential for exploitation. It is presumed that attackers could potentially exploit these vulnerabilities to achieve arbitrary code execution. Successful exploitation would allow an attacker to perform unauthorized actions, potentially compromising the confidentiality, integrity, and availability of the…\u003c/p\u003e\n","date_modified":"2026-03-25T14:18:11Z","date_published":"2026-03-25T14:18:11Z","id":"/briefs/2026-06-firefox-thunderbird-cve/","summary":"Firefox 148 and Thunderbird 148 contain memory safety bugs that could potentially be exploited to execute arbitrary code, impacting versions prior to 149.","title":"CVE-2026-4729 Memory Safety Vulnerabilities in Firefox and Thunderbird","url":"https://feed.craftedsignal.io/briefs/2026-06-firefox-thunderbird-cve/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-4720","firefox","thunderbird","memory-corruption","arbitrary-code-execution"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical memory safety vulnerability, tracked as CVE-2026-4720, affects Mozilla Firefox and Thunderbird. Specifically, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148, and Thunderbird 148 are vulnerable. The identified memory safety bugs exhibit evidence of memory corruption, suggesting that with sufficient effort, attackers could exploit these vulnerabilities to execute arbitrary code on affected systems. Users of Firefox versions prior to 149, Firefox ESR versions prior to 140.9…\u003c/p\u003e\n","date_modified":"2026-03-25T12:00:00Z","date_published":"2026-03-25T12:00:00Z","id":"/briefs/2026-03-firefox-memory-safety/","summary":"A memory safety vulnerability (CVE-2026-4720) in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 could lead to memory corruption and potential arbitrary code execution if successfully exploited.","title":"Firefox and Thunderbird Memory Safety Vulnerability (CVE-2026-4720)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-memory-safety/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["use-after-free","firefox","thunderbird","javascript","cve-2026-4723"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4723 is a critical use-after-free vulnerability affecting the JavaScript Engine component in Mozilla Firefox and Thunderbird. This flaw exists in versions prior to 149. A remote attacker could potentially exploit this vulnerability by crafting malicious JavaScript code that, when processed by a vulnerable browser or email client, triggers the use-after-free condition. The vulnerability was reported by Mozilla Corporation and assigned a CVSS v3.1 base score of 9.8, indicating a high…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:08Z","date_published":"2026-03-24T13:16:08Z","id":"/briefs/2026-03-firefox-thunderbird-uaf/","summary":"A use-after-free vulnerability, CVE-2026-4723, in the JavaScript Engine of Mozilla Firefox and Thunderbird before version 149 could allow arbitrary code execution if successfully exploited by an attacker.","title":"Mozilla Firefox and Thunderbird Use-After-Free Vulnerability (CVE-2026-4723)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-thunderbird-uaf/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["use-after-free","sandbox-escape","firefox","thunderbird"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4725 is a critical use-after-free vulnerability impacting the Canvas2D graphics component in Mozilla Firefox and Thunderbird. Specifically, versions prior to 149 are affected. This vulnerability could allow an attacker to potentially escape the browser\u0026rsquo;s or email client\u0026rsquo;s sandbox. The vulnerability stems from improper memory management in the Canvas2D component, where freed memory is accessed again. Successful exploitation of this flaw could grant an attacker elevated privileges or the…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:08Z","date_published":"2026-03-24T13:16:08Z","id":"/briefs/2026-03-cve-2026-4725/","summary":"A use-after-free vulnerability in the Canvas2D component of Mozilla Firefox and Thunderbird versions before 149 allows for a potential sandbox escape.","title":"Mozilla Firefox and Thunderbird Canvas2D Use-After-Free Vulnerability (CVE-2026-4725)","url":"https://feed.craftedsignal.io/briefs/2026-03-cve-2026-4725/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-4715","firefox","thunderbird","uninitialized-memory","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4715 describes an uninitialized memory flaw within the Canvas2D graphics component of Mozilla Firefox, Firefox ESR, and Thunderbird. Discovered and reported in March 2026, this vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird ESR versions prior to 140.9. Successful exploitation of this issue could allow an attacker to read sensitive information from memory or potentially execute arbitrary code…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:07Z","date_published":"2026-03-24T13:16:07Z","id":"/briefs/2026-03-firefox-uninitialized-memory/","summary":"CVE-2026-4715 is a critical vulnerability involving uninitialized memory in the Graphics: Canvas2D component of Firefox, Firefox ESR, and Thunderbird, potentially leading to information disclosure or arbitrary code execution.","title":"Uninitialized Memory Vulnerability in Firefox Canvas2D (CVE-2026-4715)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-uninitialized-memory/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve","vulnerability","firefox","thunderbird"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4719 is a security vulnerability affecting Mozilla Firefox and Thunderbird. The vulnerability stems from incorrect boundary conditions within the \u003ccode\u003eGraphics: Text\u003c/code\u003e component. Specifically, Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird ESR versions prior to 140.9 are affected. Successful exploitation of this vulnerability could potentially lead to a denial-of-service condition by crashing the application. This…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:07Z","date_published":"2026-03-24T13:16:07Z","id":"/briefs/2026-03-firefox-thunderbird-cve-2026-4719/","summary":"CVE-2026-4719 describes an incorrect boundary condition in the Graphics: Text component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition in vulnerable versions.","title":"Mozilla Firefox and Thunderbird Graphics Text Component Vulnerability (CVE-2026-4719)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-thunderbird-cve-2026-4719/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["privilege-escalation","firefox","thunderbird","cve-2026-4717"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4717 is a critical vulnerability affecting Mozilla Firefox, Firefox ESR, and Thunderbird. The vulnerability lies within the Netmonitor component and can lead to privilege escalation. Specifically, Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird ESR versions prior to 140.9 are affected. The vulnerability allows an attacker to potentially gain elevated privileges on the targeted system. This could allow for arbitrary…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:07Z","date_published":"2026-03-24T13:16:07Z","id":"/briefs/2026-03-firefox-privesc/","summary":"CVE-2026-4717 is a critical privilege escalation vulnerability in the Netmonitor component of Firefox, Firefox ESR, and Thunderbird, potentially allowing an attacker to gain elevated privileges on a vulnerable system.","title":"Firefox Netmonitor Privilege Escalation Vulnerability (CVE-2026-4717)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-privesc/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["webrtc","denial-of-service","firefox","thunderbird"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4704 is a denial-of-service vulnerability residing in the WebRTC Signaling component of Mozilla products. This flaw impacts Firefox versions prior to 149, Firefox ESR versions before 140.9, Thunderbird versions lower than 149, and Thunderbird also prior to version 140.9. Successful exploitation of this vulnerability could lead to a denial-of-service condition, rendering the affected application unavailable. The vulnerability was disclosed on March 24, 2026. Defenders should prioritize…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:06Z","date_published":"2026-03-24T13:16:06Z","id":"/briefs/2026-03-webrtc-dos/","summary":"CVE-2026-4704 is a denial-of-service vulnerability in the WebRTC Signaling component affecting Firefox, Firefox ESR, and Thunderbird, potentially disrupting service availability.","title":"WebRTC Signaling Denial-of-Service Vulnerability (CVE-2026-4704)","url":"https://feed.craftedsignal.io/briefs/2026-03-webrtc-dos/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-4700","firefox","thunderbird","mitigation-bypass"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4700 is a mitigation bypass vulnerability affecting Mozilla Firefox, Firefox ESR, and Thunderbird. The vulnerability resides within the Networking: HTTP component and impacts versions earlier than Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.  Successful exploitation could allow an attacker to bypass intended security mitigations, potentially leading to further compromise of the affected system. This vulnerability was disclosed on March 24, 2026, and poses a…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:06Z","date_published":"2026-03-24T13:16:06Z","id":"/briefs/2026-03-firefox-mitigation-bypass/","summary":"CVE-2026-4700 is a critical vulnerability in the Networking: HTTP component of Firefox, Firefox ESR, and Thunderbird, allowing a mitigation bypass in versions prior to Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.","title":"Firefox and Thunderbird Mitigation Bypass Vulnerability (CVE-2026-4700)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-mitigation-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-4695","firefox","thunderbird","webcodecs","denial-of-service"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4695 describes a vulnerability affecting Mozilla Firefox and Thunderbird related to incorrect boundary conditions in the Audio/Video Web Codecs component. This flaw impacts Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird ESR versions prior to 140.9. An attacker could potentially exploit this vulnerability to cause a denial-of-service condition, impacting the availability of the application. This vulnerability was…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:05Z","date_published":"2026-03-24T13:16:05Z","id":"/briefs/2026-03-firefox-webcodecs-vuln/","summary":"An incorrect boundary condition in the Audio/Video Web Codecs component in Mozilla Firefox and Thunderbird (CVE-2026-4695) could lead to a denial-of-service (DoS) condition due to a vulnerability that affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.","title":"Mozilla Firefox and Thunderbird WebCodecs Boundary Condition Vulnerability (CVE-2026-4695)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-webcodecs-vuln/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-4697","denial-of-service","mozilla","firefox","thunderbird"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4697 is a vulnerability affecting Mozilla Firefox and Thunderbird due to incorrect boundary conditions within the Audio/Video: Web Codecs component. This flaw can be exploited by attackers to trigger a denial-of-service condition. The vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 140.9, Thunderbird versions prior to 149, and Thunderbird ESR versions prior to 140.9. An attacker could potentially craft malicious web content that triggers the incorrect…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:05Z","date_published":"2026-03-24T13:16:05Z","id":"/briefs/2026-03-firefox-thunderbird-dos/","summary":"CVE-2026-4697 is a denial-of-service vulnerability due to incorrect boundary conditions in the Audio/Video Web Codecs component of Mozilla Firefox and Thunderbird, potentially leading to application crashes.","title":"Mozilla Firefox and Thunderbird Web Codecs Denial-of-Service Vulnerability (CVE-2026-4697)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-thunderbird-dos/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve","denial-of-service","firefox","thunderbird"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4693 is a security vulnerability affecting the Audio/Video Playback component in Mozilla Firefox and Thunderbird. This flaw, stemming from incorrect boundary conditions, can be exploited by an unauthenticated attacker to cause a denial-of-service condition. The vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34 and 140.9, and Thunderbird versions prior to 149 and 140.9. Successful exploitation of this vulnerability results in the application…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:05Z","date_published":"2026-03-24T13:16:05Z","id":"/briefs/2026-03-firefox-dos/","summary":"CVE-2026-4693 is a vulnerability due to incorrect boundary conditions in the Audio/Video: Playback component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition.","title":"Mozilla Firefox and Thunderbird Audio/Video Playback Denial-of-Service Vulnerability (CVE-2026-4693)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-dos/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["firefox","thunderbird","jit","miscompilation","rce","cve-2026-4698","type-confusion"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4698 describes a JIT miscompilation vulnerability within the JavaScript engine\u0026rsquo;s JIT component in Mozilla Firefox and Thunderbird. Specifically, Firefox versions prior to 149, Firefox ESR versions less than 115.34 and 140.9, and Thunderbird versions before 149 and 140.9 are affected. This vulnerability stems from a type confusion issue (CWE-843) during JavaScript code compilation, which an attacker can exploit to potentially execute arbitrary code on a vulnerable system. Given the…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:05Z","date_published":"2026-03-24T13:16:05Z","id":"/briefs/2026-03-firefox-jit-miscompilation/","summary":"A critical JIT miscompilation vulnerability (CVE-2026-4698) in the JavaScript engine affects Firefox and Thunderbird, potentially leading to remote code execution.","title":"Firefox and Thunderbird JIT Miscompilation Vulnerability (CVE-2026-4698)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-jit-miscompilation/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-4685","firefox","thunderbird","denial-of-service","canvas2d"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4685 describes an incorrect boundary condition in the Graphics: Canvas2D component affecting Mozilla Firefox versions prior to 149, Firefox ESR versions prior to 115.34 and 140.9, and Thunderbird versions prior to 149 and 140.9. This vulnerability could be exploited by a remote attacker to cause a denial-of-service condition. Successful exploitation of this vulnerability could result in the application crashing or becoming unresponsive. The vulnerability was reported and patched by…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:04Z","date_published":"2026-03-24T13:16:04Z","id":"/briefs/2026-03-firefox-canvas2d-vuln/","summary":"An improper boundary condition vulnerability in the Canvas2D component of Mozilla Firefox, Firefox ESR, and Thunderbird (CVE-2026-4685) could allow for a denial-of-service condition.","title":"Mozilla Firefox Canvas2D Improper Boundary Condition Vulnerability (CVE-2026-4685)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-canvas2d-vuln/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["sandbox-escape","firefox","thunderbird","cve-2026-4687"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4687 is a critical sandbox escape vulnerability affecting Mozilla Firefox and Thunderbird. The vulnerability stems from incorrect boundary conditions within the Telemetry component. Specifically, Firefox versions prior to 149, Firefox ESR versions prior to 115.34 and 140.9, and Thunderbird versions prior to 149 and 140.9 are affected. Successful exploitation could allow an attacker to bypass the intended security restrictions of the sandbox environment and potentially execute arbitrary…\u003c/p\u003e\n","date_modified":"2026-03-24T13:16:04Z","date_published":"2026-03-24T13:16:04Z","id":"/briefs/2026-03-firefox-sandbox-escape/","summary":"CVE-2026-4687 is a sandbox escape vulnerability in Firefox and Thunderbird due to incorrect boundary conditions in the Telemetry component, potentially allowing an attacker to execute arbitrary code outside the sandbox.","title":"Firefox and Thunderbird Sandbox Escape Vulnerability (CVE-2026-4687)","url":"https://feed.craftedsignal.io/briefs/2026-03-firefox-sandbox-escape/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Firefox","Splunk Enterprise","Splunk Enterprise Security","Splunk Cloud"],"_cs_severities":["high"],"_cs_tags":["credential-access","malware","firefox"],"_cs_type":"advisory","_cs_vendors":["Mozilla","Splunk"],"content_html":"\u003cp\u003eThis detection focuses on identifying unauthorized access to Firefox profile directories. The Firefox profile directory stores sensitive user data, including login credentials, browsing history, and cookies. When a non-Firefox process accesses this directory, it could be an indicator of malicious activity, such as a Remote Access Trojan (RAT) or other malware attempting to steal user information. The analytic leverages Windows Security Event logs, specifically event code 4663, to monitor access attempts. This is relevant because successful credential theft can lead to account compromise, data breaches, and further propagation of malware within the network. The threat encompasses a broad range of malware families, including stealers (Azorult, RedLine Stealer, 0bj3ctivity Stealer), RATs (Remcos, Quasar RAT, Warzone RAT), keyloggers (Snake Keylogger, VIP Keylogger), and other malware like DarkGate, NjRAT, AgentTesla, and Lokibot. The activity has been observed in campaigns such as CISA AA23-347A and the 3CX Supply Chain Attack.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe user executes a malicious file, potentially delivered via phishing or drive-by download (not covered in source).\u003c/li\u003e\n\u003cli\u003eThe malicious file executes and establishes persistence on the system.\u003c/li\u003e\n\u003cli\u003eThe malware attempts to access the Firefox profile directory, located at \u003ccode\u003e*\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles*\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eWindows Security Event 4663 is generated, logging the access attempt to the Firefox profile directory.\u003c/li\u003e\n\u003cli\u003eThe malware reads sensitive data, such as login credentials, cookies, and browsing history, from the profile directory.\u003c/li\u003e\n\u003cli\u003eThe stolen data is exfiltrated to a command-and-control (C2) server.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials to gain unauthorized access to user accounts and sensitive systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation and credential theft can lead to a wide range of negative outcomes, including unauthorized access to sensitive data, financial fraud, and further compromise of systems within the organization. The impact can range from individual user account compromise to large-scale data breaches affecting thousands of users. Industries heavily reliant on web-based applications and sensitive user data, such as finance, healthcare, and e-commerce, are particularly vulnerable. The consequences include financial losses, reputational damage, and legal liabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable \u0026ldquo;Audit Object Access\u0026rdquo; in Group Policy and configure it to log both success and failure events for object access to activate the underlying log source required for this detection.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM to detect non-Firefox processes accessing Firefox profile directories.\u003c/li\u003e\n\u003cli\u003eInvestigate any alerts generated by the Sigma rule, paying close attention to the \u003ccode\u003eProcessName\u003c/code\u003e and \u003ccode\u003eObjectName\u003c/code\u003e to identify potentially malicious processes and the specific profile data being accessed.\u003c/li\u003e\n\u003cli\u003eReview and update your organization\u0026rsquo;s security policies to restrict unauthorized access to sensitive user data.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T15:22:32Z","date_published":"2024-01-03T15:22:32Z","id":"/briefs/2024-01-firefox-profile-access/","summary":"This analytic detects non-Firefox processes accessing the Firefox profile directory, potentially indicating malware attempting to harvest sensitive user data like login credentials, browsing history, and cookies.","title":"Non-Firefox Process Accessing Firefox Profile Directory","url":"https://feed.craftedsignal.io/briefs/2024-01-firefox-profile-access/"}],"language":"en","title":"CraftedSignal Threat Feed — Firefox","version":"https://jsonfeed.org/version/1.1"}