Vulnerability & Exploit Database

Back to search

Firefox Exec Shellcode from Privileged Javascript Shell

This module allows execution of native payloads from a privileged Firefox Javascript shell. It places the specified payload into memory, adds the necessary protection flags, and calls it, which can be useful for upgrading a Firefox javascript shell to a Meterpreter session without touching the disk.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • joev <joev [at]>


  • Native Payload


  • firefox
  • linux
  • osx
  • windows
  • unix


  • x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/firefox/local/exec_shellcode msf exploit(exec_shellcode) > show targets ...targets... msf exploit(exec_shellcode) > set TARGET <target-id> msf exploit(exec_shellcode) > show options and set options... msf exploit(exec_shellcode) > exploit