Firefox browser.downloads addon feature may be used for RCE

2017.09.29
Credit: leucosite
Risk: High
Local: No
Remote: Yes
CWE: N/A

(CVE-2017-7821) "browser.downloads addon feature may be used for RCE"

Steps:
1. Go to 'about:debugging'
2. Unpack attached PoC somewhere
3. Back in 'about:debugging' choose 'Load temp addon' and choose the PoC
4. The jar file is automatically downloaded and executed.

We are able to download and execute jar files automatically.

PoC Web Extension: http://leucosite.com/CVE-2017-7821.zip

Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=1346515
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821


