Oops, this doesn't work on 23, only 22.

joevennix · joevennix · commit 6d958475d62c · 2014-08-15T17:00:58.000-05:00
diff --git a/modules/exploits/multi/browser/firefox_tostring_console_injection.rb b/modules/exploits/multi/browser/firefox_tostring_console_injection.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote
   autopwn_info({
     :ua_name    => HttpClients::FF,
     :ua_minver  => "15.0",
-    :ua_maxver  => "23.0",
+    :ua_maxver  => "22.0",
     :javascript => true,
     :rank       => ExcellentRanking
   })
@@ -25,18 +25,20 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Firefox toString console.time Privileged Javascript Injection',
       'Description'    => %q{
-        This exploit gains remote code execution on Firefox 15-23 by abusing two separate
+        This exploit gains remote code execution on Firefox 15-22 by abusing two separate
         Javascript-related vulnerabilities to ultimately inject malicious Javascript code
         into a context running with chrome:// privileges.
       },
       'License' => MSF_LICENSE,
       'Author'  => [
         'moz_bug_r_a4', # discovered CVE-2013-1710
+        'Cody Crews',   # discovered CVE-2013-1670
         'joev' # metasploit module
       ],
-      'DisclosureDate' => "Aug 6 2013",
+      'DisclosureDate' => "May 14 2013",
       'References' => [
-        ['CVE', '2013-1710']   # bypass Chrome Object Wrapper to talk to chrome://
+        ['CVE', '2013-1670'], # privileged access for content-level constructor
+        ['CVE', '2013-1710']  # further chrome injection
       ],
       'Targets' => [
         [
@@ -56,7 +58,7 @@ def initialize(info = {})
       'BrowserRequirements' => {
         :source  => 'script',
         :ua_name => HttpClients::FF,
-        :ua_ver  => lambda { |ver| ver.to_i.between?(15, 23) }
+        :ua_ver  => lambda { |ver| ver.to_i.between?(15, 22) }
       }
     ))
 
