-
SSL/TLS Version Detection
Disclosure Date: 2014-10-14First seen: 2022-12-23auxiliary/scanner/ssl/ssl_versionCheck if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST. Authors: - todb <todb@metasploit.com> - et <et@metasploit.com> - Chris John Riley - Veit Hailperin <hailperv@gmail.com> - h00die -
Firefox WebIDL Privileged Javascript Injection
Disclosure Date: 2014-03-17First seen: 2020-04-26exploit/multi/browser/firefox_webidl_injectionThis exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs. Authors: - Marius Mlynski - joev <joev@metasploit.com> -
Firefox WebIDL Privileged Javascript Injection
Disclosure Date: 2014-03-17First seen: 2020-04-26exploit/multi/browser/firefox_webidl_injectionThis exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs. Authors: - Marius Mlynski - joev <joev@metasploit.com> -
Firefox Proxy Prototype Privileged Javascript Injection
Disclosure Date: 2014-01-20First seen: 2020-04-26exploit/multi/browser/firefox_proxy_prototypeThis exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability. Authors: - joev <joev@metasploit.com> -
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
Disclosure Date: 2013-08-06First seen: 2020-04-26exploit/multi/browser/firefox_proto_crmfrequestOn versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. With the defineProperty method, functions belonging to window and document can be overridden with a function that gets called from chrome-privileged context. From here, another vulnerability in the crypto.generateCRMFRequest function is used to "peek" into the context's private scope. Since the window does not have a chrome:// URL, the insecure parts of Components.classes are not available, so instead the AddonManager API is invoked to silently install a malicious plugin. Authors: - Mariusz Mlynski - moz_bug_r_a4 - joev <joev@metasploit.com> -
Firefox toString console.time Privileged Javascript Injection
Disclosure Date: 2013-05-14First seen: 2020-04-26exploit/multi/browser/firefox_tostring_console_injectionThis exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges. Authors: - moz_bug_r_a4 - Cody Crews - joev <joev@metasploit.com>
6 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details