Vendor: Firefox
By: SIGAINT
CVSS: 9.3 (HIGH)
Type: Memory Corruption Vulnerability
CWE: 119
Product Name: Firefox
Affected Version From: Firefox version 41
Affected Version To: Firefox version 50
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2020

TOR Browser 0day : JavaScript Exploit !

This is a JavaScript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown, but it gets access to 'VirtualAlloc' in 'kernel32.dll' and goes from there. It leverages a memory corruption vulnerability in the background to make direct calls to kernel32.dll, which allows malicious code to be executed on computers running Windows, and redirects to '/member.php' after code execution.

Mitigation:

Disable JavaScript in the browser, update the browser to the latest version, and use a firewall to block malicious traffic.

Exploit-DB raw data:

# TOR Browser 0day : JavaScript Exploit !
## Works on Firefox versions 41 - 50
### The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50. When the exploit is opened by a Firefox or Tor Browser with JavaScript enabled on a Windows computer, it leverages a memory corruption vulnerability in the background to make direct calls to kernel32.dll, which allows malicious code to be executed on computers running Windows.
<i>Redirects to '/member.php' after code execution</i>

- - -

This is a JavaScript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I had to break the "thecode" line in two in order to post; remove ' + ' in the middle to restore it. - SIGAINT



Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44267.zip