Commit 1a5c747

Update description.
1 parent 178a43a commit 1a5c747

1 file changed

+6
-3
lines changed

modules/exploits/multi/browser/firefox_svg_plugin.rb

Lines changed: 6 additions & 3 deletions
@@ -29,10 +29,10 @@ class Metasploit3 < Msf::Exploit::Remote
2929

3030
def initialize(info = {})
3131
super(update_info(info,
32-
'Name' => 'Firefox Plug-in Privileged Javascript Code Execution',
32+
'Name' => 'Firefox 17.0.1 + Flash Privileged Code Injection',
3333
'Description' => %q{
34-
This exploit gains code execution on Firefox 17.0.1 and all previous versions,
35-
provided the user has installed Flash. No memory corruption is used.
34+
This exploit gains remote code execution on Firefox 17.0.1 and all previous
35+
versions, provided the user has installed Flash. No memory corruption is used.
3636
3737
First, a Flash object is cloned into the anonymous content of the SVG
3838
"use" element in the <body> (CVE-2013-0758). From there, the Flash object
@@ -41,6 +41,9 @@ def initialize(info = {})
4141
Then a separate exploit (CVE-2013-0757) is used to bypass the security wrapper
4242
around the child frame's window reference and inject code into the chrome://
4343
context.
44+
45+
Once we have injection into the chrome execution context, we can write our
46+
payload to disk, chmod it (if posix), and then execute.
4447
4548
Note: Flash is used here to trigger the exploit but any Firefox plugin
4649
with script access should be able to trigger it.
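Review bot: The sentence added at lines 45-46 is the only place the Description mentions that a file is written to disk, but it does not say where the payload is written or whether it is removed afterwards, which is what someone reading the module needs in order to know what artifact it leaves on the host. It also switches to first person ("we can write our payload") where the rest of the Description is impersonal ("a separate exploit (CVE-2013-0757) is used"), and "and then execute" has no object. Wording along the lines of "the payload is written to disk, made executable (on POSIX), and executed" would match the surrounding text.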
