Vulnerability & Exploit Database

Back to search

Firefox WebIDL Privileged Javascript Injection

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/browser/firefox_webidl_injection

Authors

  • Marius Mlynski
  • joev <joev [at] metasploit.com>

References

Targets

  • Universal (Javascript XPCOM Shell)
  • Native Payload

Platforms

  • firefox
  • java
  • linux
  • osx
  • solaris
  • windows

Architectures

  • firefox
  • x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/firefox_webidl_injection msf exploit(firefox_webidl_injection) > show targets ...targets... msf exploit(firefox_webidl_injection) > set TARGET <target-id> msf exploit(firefox_webidl_injection) > show options ...show and set options... msf exploit(firefox_webidl_injection) > exploit

Related Vulnerabilities