Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution | CVE-2016-2819 | CVE-2017-5375 | Lucideus Research

Firefox
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, Mozilla Corporation. (We All Know :) )

Vulnerability
This vulnerability lets an attacker, from his/her own machine, crash Firefox version 46.0.1 and execute any code remotely. The attack only works on Windows 10 with Firefox 46.0.1.

Here is a quick POC of the recent exploit released by Rh0, which makes remote code execution possible via Mozilla Firefox version 46.0.1.

Exploit Code: https://pastebin.com/vTAR1WuH

Quick POC

Step 1: Save the code in an .html file.


Step 2: Open the HTML file, or deliver the file by uploading it to any website as a page.

Step 3: Exploit executing

Step 4: Exploit executed the shellcode

                                                            


Conclusion: Updates have been released by the Mozilla Firefox security team, so make sure you update as soon as possible.
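
To find machines that still need the update, here is an added example (not part of the original post or of the exploit author's code) that scans web proxy logs for the configuration named above, Firefox 46.0 on Windows 10. The log format (timestamp, client IP, quoted User-Agent), the function names and the sample lines are constructed assumptions.

```python
import re
import shlex

# Affected configuration as stated on this page: Firefox 46.0.1 on Windows 10.
# Firefox User-Agent strings carry only "major.minor" (Firefox/46.0), so 46.0
# and 46.0.1 look identical in logs: match on 46.0, then confirm on the host.
AFFECTED_MAJOR_MINOR = (46, 0)
WINDOWS_10_TOKEN = "Windows NT 10.0"
FIREFOX_RE = re.compile(r"\bFirefox/(\d+)\.(\d+)")

def is_affected_user_agent(ua):
    """True if the UA reports Firefox 46.0 running on Windows 10."""
    m = FIREFOX_RE.search(ua)
    if not m:
        return False
    version = (int(m.group(1)), int(m.group(2)))
    return version == AFFECTED_MAJOR_MINOR and WINDOWS_10_TOKEN in ua

def flag_affected_clients(log_lines):
    """Return sorted client IPs whose UA matches the affected configuration."""
    flagged = set()
    for line in log_lines:
        try:
            fields = shlex.split(line)  # keeps the quoted UA as one field
        except ValueError:
            continue  # unbalanced quotes: skip the malformed line
        if len(fields) < 3:
            continue
        client, ua = fields[1], fields[-1]
        if is_affected_user_agent(ua):
            flagged.add(client)
    return sorted(flagged)

# Constructed sample log lines (hypothetical format: timestamp client "user-agent").
SAMPLE_LOG = [
    '2017-01-30T09:12:01Z 10.0.0.21 "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.0"',
    '2017-01-30T09:12:05Z 10.0.0.22 "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"',
    '2017-01-30T09:12:09Z 10.0.0.23 "Mozilla/5.0 (Windows NT 6.1; rv:46.0) Gecko/20100101 Firefox/46.0"',
    '2017-01-30T09:12:14Z 10.0.0.24 "Mozilla/5.0 (X11; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"',
    '2017-01-30T09:12:20Z 10.0.0.25 "Mozilla/5.0 (Windows NT 10.0; unterminated',
]

if __name__ == "__main__":
    for ip in flag_affected_clients(SAMPLE_LOG):
        print(ip)
```

A hit only narrows the search: check the exact installed version on each flagged host, since the User-Agent cannot tell 46.0.1 from 46.0 and can be overridden by the user.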
