module
Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution
| Disclosed | Created |
|---|---|
| 2007-06-27 | 2018-05-30 |
Disclosed
2007-06-27
Created
2018-05-30
Description
Mozilla Firefox before version 41 allowed users to install
unsigned browser extensions from arbitrary web servers.
This module dynamically creates an unsigned .xpi addon file.
The resulting bootstrapped Firefox addon is presented to
the victim via a web page. The victim's Firefox browser
will pop a dialog asking if they trust the addon.
Once the user clicks "install", the addon is installed and
executes the payload with full user permissions. As of Firefox
4, this will work without a restart as the addon is marked to
be "bootstrapped". As the addon will execute the payload after
each Firefox restart, an option can be given to automatically
uninstall the addon once the payload has been executed.
As of Firefox 41, unsigned extensions can still be installed
on Firefox Nightly, Unbranded and Development builds when
configured with `xpinstall.signatures.required` set to `false`.
Note: this module generates legacy extensions which are
supported only in Firefox before version 57.
unsigned browser extensions from arbitrary web servers.
This module dynamically creates an unsigned .xpi addon file.
The resulting bootstrapped Firefox addon is presented to
the victim via a web page. The victim's Firefox browser
will pop a dialog asking if they trust the addon.
Once the user clicks "install", the addon is installed and
executes the payload with full user permissions. As of Firefox
4, this will work without a restart as the addon is marked to
be "bootstrapped". As the addon will execute the payload after
each Firefox restart, an option can be given to automatically
uninstall the addon once the payload has been executed.
As of Firefox 41, unsigned extensions can still be installed
on Firefox Nightly, Unbranded and Development builds when
configured with `xpinstall.signatures.required` set to `false`.
Note: this module generates legacy extensions which are
supported only in Firefox before version 57.
Authors
mihi
joev joev@metasploit.com
joev joev@metasploit.com
Platform
Java,Linux,OSX,Solaris,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.