This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

exploit/multi/browser/firefox_proxy_prototype

• joev

• Universal (Javascript XPCOM Shell)
• Native Payload

• firefox
• java
• linux
• osx
• solaris
• windows

• x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/firefox_proxy_prototype msf exploit(firefox_proxy_prototype) > show targets msf exploit(firefox_proxy_prototype) > exploit

Source: www.rapid7.com