Metasploit modules that can be used to exploit Mozilla » Firefox ESR » 38.0

Firefox MCallGetProperty Write Side Effects Use After Free Exploit
Disclosure Date: 2020-11-18
First seen: 2022-12-23
exploit/multi/browser/firefox_jit_use_after_free
This module exploits CVE-2020-26950, a use-after-free vulnerability in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions, resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construct primitives. The shellcode is forced into executable memory via the JIT compiler and executed by writing to the JIT region pointer. This exploit does not contain a sandbox escape, so Firefox must be run with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set in order for the shellcode to run successfully. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2; however, only Firefox <= 79 is supported as a target. Additional work may be needed to support other versions such as Firefox 82.0.1.
Authors: 360 ESG Vulnerability Research Institute, maxpl0it, timwr

Firefox nsSMILTimeContainer::NotifyTimeChange() RCE
Disclosure Date: 2016-11-30
First seen: 2020-04-26
exploit/windows/browser/firefox_smil_uaf
This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
Authors: Anonymous Gaijin, William Webb <william_webb@rapid7.com>

Firefox PDF.js Browser File Theft
First seen: 2020-04-26
auxiliary/gather/firefox_pdfjs_file_theft
This module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses JavaScript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
Authors: Unknown, fukusa, Unknown

3 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.