Exploit for multiple platform in category dos / poc
(CVE-2017-7821)
"browser.downloads addon feature may be used for RCE"
Steps:
1. Go to 'about:debugging'
2. Unpack attached PoC somewhere
3. Back in 'about:debugging' choose 'Load temp addon' and choose the poc
4. jar file is automatically downloaded and executed.
We are able to download and execute jar files automatically.
PoC Web Extention:
http://leucosite.com/CVE-2017-7821.zip
Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=1346515
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821
# 0day.today [2018-01-04] #