This Metasploit modules exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construct primitives. The shellcode is forced into executable memory via the JIT compiler, and executed by writing to the JIT region pointer. This exploit does not contain a sandbox escape, so firefox must be run with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set, in order for the shellcode to run successfully. This vulnerability affects Firefox versions prior to 82.0.3, Firefox ESR versions prior to 78.4.1, and Thunderbird versions prior to 78.4.2, however only Firefox versions up to 79 are supported as a target. Additional work may be needed to support other versions such as Firefox 82.0.1.
c5497acbfe1516edccf2f8747d261489391c42dfa92ad82028efc92b075df944Debian Linux Security Advisory 4788-1 - A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
bc4176d8c29f8cedbb473570305da436881f2c797041aa1bb26436ce9bb82fa6Debian Linux Security Advisory 4790-1 - A use-after-free was found in Thunderbird, which could potentially result in the execution of arbitrary code.
a24bba99e6f62b1a8545628a896b8371c3593d1819b5504e8b11b4bd9b56bc47Red Hat Security Advisory 2020-5163-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
e86f9f7e5dbafe388ac0c7e966bc25fa681537ec21d15f211db7532e11aed89dRed Hat Security Advisory 2020-5164-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
53502073f58bfd4cf69f19a05c9afba20d1b4a073c4719ee233f37b813ccc598Red Hat Security Advisory 2020-5162-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
153c88aca00072f8424ca495f076daef64a966287e506a23df10a825a2c455d4Red Hat Security Advisory 2020-5166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
e3b5e957949f6979e3bed3952e1f20532bbdf5748dcb516a574972dae2900ea0Red Hat Security Advisory 2020-5167-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
b661871e488135058b6c5b9421c36eaf3d194b4234cbe057072a1452481340f3Red Hat Security Advisory 2020-5146-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
7d6e29563dea4c326d4fe3fcf64904279a3f238ee10cf8e3ca8811b7f17aef1cRed Hat Security Advisory 2020-5139-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
56322375a826e25bd99bb88fb1ddd61a7a16470e0cfb9d8d1ede9c1e23da8cfdRed Hat Security Advisory 2020-5138-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
8732b128cffd48b3150077eb9d60dbf5dac2f548219d46bc953705558e529a34Red Hat Security Advisory 2020-5135-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
bdb082512a5702110545840f89df22a3a7b5d1b13254ac77f53b3a6862b57f67Red Hat Security Advisory 2020-5104-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
cafcf64be7c5beec07b22dd361929b73316583c3959c44d3a42ed578e476dbb6Red Hat Security Advisory 2020-5099-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
1a030ed3727d28a5c8adc65b440c58304fa204023b7b95198aa45dd40bf1fc61Red Hat Security Advisory 2020-5100-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
d94156bd656c49bfbb9a8bad28893778aa5758f618130d54caf45ec4799eb68eGentoo Linux Security Advisory 202011-7 - A use-after-free in Mozilla Firefox might allow remote attacker(s) to execute arbitrary code. Versions less than 82.0.3 are affected.
4b1912ff8b58ae3cf8446bb5011eb79c7f84492c870faefdbcf52fd29fa26f61Ubuntu Security Notice 4625-1 - A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to execute arbitrary code.
3a76a9e6ea6939f5282649d312d639071b7a2dbf09ace9ed2716731cb0e8f5c2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed