Proxy Browser with JavaScript
CVE-2014-8636 Firefox Proxy Prototype Privileged Javascript

This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
exploit/multi/browser/firefox_proxy_prototype
- joev
- Universal (Javascript XPCOM Shell)
- Native Payload
- firefox
- java
- linux
- osx
- solaris
- windows
- x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/browser/firefox_proxy_prototype msf exploit(firefox_proxy_prototype) > show targets msf exploit(firefox_proxy_prototype) > exploitSource: www.rapid7.com
Related posts: