Metasploit modules that can be used to exploit Mozilla » Thunderbird » 52.9.1
Firefox MCallGetProperty Write Side Effects Use After Free Exploit
Disclosure Date: 2020-11-18
First seen: 2022-12-23
exploit/multi/browser/firefox_jit_use_after_free
This module exploits CVE-2020-26950, a use-after-free vulnerability in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions, resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construct primitives. The shellcode is forced into executable memory via the JIT compiler and executed by writing to the JIT region pointer. This exploit does not contain a sandbox escape, so Firefox must be run with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set in order for the shellcode to run successfully. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2; however, only Firefox <= 79 is supported as a target. Additional work may be needed to support other versions such as Firefox 82.0.1.
Authors:
- 360 ESG Vulnerability Research Institute
- maxpl0it
- timwr
1 Metasploit module found
Please note: Metasploit modules are only matched by CVE numbers.
Visit the Metasploit website for more details