Fix minor bugs discovered when testing.

Author: jvennix-r7

lib/rex/exploitation/javascriptosdetect.js

@@ -45,6 +45,13 @@ window.os_detect.getVersion = function(){
 	var version = "";
 	var unknown_fingerprint = null;
 
+	var css_is_valid = function(prop, propCamelCase, css) {
+		if (!document.createElement) return false;
+		var d = document.createElement('div');
+		d.setAttribute('style', prop+": "+css+";")
+		return d.style[propCamelCase] === css;
+	}
+
 	//--
 	// Client
 	//--
@@ -179,12 +186,15 @@ window.os_detect.getVersion = function(){
 		if (!ua_version || 0 == ua_version.length) {
 			ua_is_lying = true;
 		}
-	} else if (!document.all && navigator.taintEnabled) {
+	} else if (!document.all && navigator.taintEnabled ||
+	            'MozBlobBuilder' in window) {
 		// Use taintEnabled to identify FF since other recent browsers
 		// implement window.getComputedStyle now.  For some reason, checking for
 		// taintEnabled seems to cause IE 6 to stop parsing, so make sure this
 		// isn't IE first.
-		//
+
+		// Also check MozBlobBuilder because FF 9.0.1 does not support taintEnabled
+
 		// Then this is a Gecko derivative, assume Firefox since that's the
 		// only one we have sploits for.  We may need to revisit this in the
 		// future.  This works for multi/browser/mozilla_compareto against
@@ -201,19 +211,20 @@ window.os_detect.getVersion = function(){
 			ua_version = '21.0'
 		} else if ('imul' in Math) {
 			ua_version = '20.0'
-		} else if ('HTMLCanvasElement' in window &&
-			                  'toBlob' in HTMLCanvasElement.prototype) {
+		} else if (css_is_valid('font-size', 'fontSize', '23vmax')) {
+			// this is fuxored
 			ua_version = '19.0'
 		} else if ('devicePixelRatio' in window) {
 			ua_version = '18.0'
-		} else if ('HTMLIFrameElement' in window &&
-			                 'sandbox' in HTMLIFrameElement.prototype) {
+		} else if ('createElement' in document &&
+		           document.createElement('iframe') &&
+                   'sandbox' in document.createElement('iframe')) {
 			ua_version = '17.0'
-		} else if ('CSS2Properties' in window &&
-		                'animation' in CSS2Properties.prototype) {
+		} else if ('mozApps' in navigator && 'install' in navigator.mozApps) {
 			ua_version = '16.0'
 		} else if ('HTMLSourceElement' in window && 
-		                       'media' in HTMLSourceElement.prototype) {
+		           HTMLSourceElement.prototype &&
+		           'media' in HTMLSourceElement.prototype) {
 			ua_version = '15.0'
 		} else if ('mozRequestPointerLock' in document.body) {
 			ua_version = '14.0'
@@ -223,7 +234,9 @@ window.os_detect.getVersion = function(){
 			ua_version = "12.0";
 		} else if ('mozVibrate' in navigator) {
 			ua_version = "11.0";
-		} else if ('mozCancelFullScreen' in document) {
+		} else if (css_is_valid('-moz-backface-visibility', 'MozBackfaceVisibility', 'preserve-3d')) {
+			ua_version = "10.0";
+		} else if ('doNotTrack' in navigator) {
 			ua_version = "9.0";
 		} else if ('insertAdjacentHTML' in document.body) {
 			ua_version = "8.0";
@@ -248,7 +261,6 @@ window.os_detect.getVersion = function(){
 		} else {
 			ua_version = "1";
 		}
-
 		if (navigator.oscpu != navigator.platform) {
 			ua_is_lying = true;
 		}