Back to search

Firefox location.QueryInterface() Code Execution

This module exploits a code execution vulnerability in the Mozilla Firefox browser. To reliably exploit this vulnerability, we need to fill almost a gigabyte of memory with our nop sled and payload. This module has been tested on OS X 10.3 with the stock Firefox 1.5.0 package.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/browser/firefox_queryinterface

Authors

  • hdm <x [at] hdm.io>

References

Targets

  • Firefox 1.5.0.0 Mac OS X
  • Firefox 1.5.0.0 Linux

Platforms

  • osx
  • linux

Architectures

  • ppc
  • x86

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/firefox_queryinterface msf exploit(firefox_queryinterface) > show targets ...targets... msf exploit(firefox_queryinterface) > set TARGET <target-id> msf exploit(firefox_queryinterface) > show options ...show and set options... msf exploit(firefox_queryinterface) > exploit

Related Vulnerabilities