Note, that while the Tor Browser Bundle advertises itself as Firefox version 31, it does not appear exploitable in any reasonable setup. 5.6.7.8 firefox_proxy_prototype - Sending HTML response. For the impatient, here's what a command shell looks like in Metasploit Framework (tested against Firefox version 32 release): msf exploit(firefox_proxy_prototype) > 5.6.7.8 firefox_proxy_prototype - Gathering target information. To see the full exploit source code, see today's disclosure Pull Request 4985. Proxy objects allow transparent interception of Javascript's normal get-/set-property pattern: var x = injectIntoChrome(de) | send_response_html(cli, "js") Proxies are a neat ECMAScript 6 feature that Firefox has had implemented for some time now. Adventures in Browser Exploitation: Firefox 31 - 34 RCEĪ few months ago, I was testing some Javascript code in Firefox involving Proxies. This blog post was originally written by Joe Vennix, and published here with his permission.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |