Metasploit modules that can be used to exploit Mozilla » Seamonkey » 2.14 beta3
-
SSL/TLS Version Detection
Disclosure Date: 2014-10-14First seen: 2022-12-23auxiliary/scanner/ssl/ssl_versionCheck if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST. Authors: - todb <todb@metasploit.com> - et <et@metasploit.com> - Chris John Riley - Veit Hailperin <hailperv@gmail.com> - h00die -
Firefox WebIDL Privileged Javascript Injection
Disclosure Date: 2014-03-17First seen: 2020-04-26exploit/multi/browser/firefox_webidl_injectionThis exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs. Authors: - Marius Mlynski - joev <joev@metasploit.com> -
Firefox WebIDL Privileged Javascript Injection
Disclosure Date: 2014-03-17First seen: 2020-04-26exploit/multi/browser/firefox_webidl_injectionThis exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs. Authors: - Marius Mlynski - joev <joev@metasploit.com> -
Firefox Proxy Prototype Privileged Javascript Injection
Disclosure Date: 2014-01-20First seen: 2020-04-26exploit/multi/browser/firefox_proxy_prototypeThis exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability. Authors: - joev <joev@metasploit.com> -
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
Disclosure Date: 2013-08-06First seen: 2020-04-26exploit/multi/browser/firefox_proto_crmfrequestOn versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. With the defineProperty method, functions belonging to window and document can be overridden with a function that gets called from chrome-privileged context. From here, another vulnerability in the crypto.generateCRMFRequest function is used to "peek" into the context's private scope. Since the window does not have a chrome:// URL, the insecure parts of Components.classes are not available, so instead the AddonManager API is invoked to silently install a malicious plugin. Authors: - Mariusz Mlynski - moz_bug_r_a4 - joev <joev@metasploit.com> -
Firefox toString console.time Privileged Javascript Injection
Disclosure Date: 2013-05-14First seen: 2020-04-26exploit/multi/browser/firefox_tostring_console_injectionThis exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges. Authors: - moz_bug_r_a4 - Cody Crews - joev <joev@metasploit.com> -
Firefox XMLSerializer Use After Free
Disclosure Date: 2013-01-08First seen: 2020-04-26exploit/windows/browser/mozilla_firefox_xmlserializerThis module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically a use-after-free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3. Authors: - regenrecht - juan vazquez <juan.vazquez@metasploit.com> -
Firefox 17.0.1 Flash Privileged Code Injection
Disclosure Date: 2013-01-08First seen: 2020-04-26exploit/multi/browser/firefox_svg_pluginThis exploit gains remote code execution on Firefox 17 and 17.0.1, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG "use" element in the <body> (CVE-2013-0758). From there, the Flash object can navigate a child frame to a URL in the chrome:// scheme. Then a separate exploit (CVE-2013-0757) is used to bypass the security wrapper around the child frame's window reference and inject code into the chrome:// context. Once we have injection into the chrome execution context, we can write the payload to disk, chmod it (if posix), and then execute. Note: Flash is used here to trigger the exploit but any Firefox plugin with script access should be able to trigger it. Authors: - Marius Mlynski - joev <joev@metasploit.com> - sinn3r <sinn3r@metasploit.com> -
Firefox 17.0.1 Flash Privileged Code Injection
Disclosure Date: 2013-01-08First seen: 2020-04-26exploit/multi/browser/firefox_svg_pluginThis exploit gains remote code execution on Firefox 17 and 17.0.1, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG "use" element in the <body> (CVE-2013-0758). From there, the Flash object can navigate a child frame to a URL in the chrome:// scheme. Then a separate exploit (CVE-2013-0757) is used to bypass the security wrapper around the child frame's window reference and inject code into the chrome:// context. Once we have injection into the chrome execution context, we can write the payload to disk, chmod it (if posix), and then execute. Note: Flash is used here to trigger the exploit but any Firefox plugin with script access should be able to trigger it. Authors: - Marius Mlynski - joev <joev@metasploit.com> - sinn3r <sinn3r@metasploit.com>
9 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details