CVE-2011-0073

Mozilla Firefox <3.5.19 & <3.6.17, SeaMonkey <2.0.14 - RCE

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-0073. PoCs were published by Metasploit, Abysssec, regenrecht and xero, including the Metasploit module exploits/windows/browser/mozilla_nstreerange.

AI-analyzed exploit summary: This Metasploit module exploits a dangling pointer vulnerability in Mozilla Firefox (CVE-2011-0073) by manipulating the nsTreeRange object to achieve remote code execution. It bypasses DEP without ROP, but it relies on Java to bypass ASLR; without Java it is limited by ASLR on systems other than Windows XP.

Description

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17520

This Metasploit module exploits a dangling pointer vulnerability in Mozilla Firefox (CVE-2011-0073) by manipulating the nsTreeRange object to achieve remote code execution. It bypasses DEP without ROP, but it relies on Java to bypass ASLR; without Java it is limited by ASLR on systems other than Windows XP.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Mozilla Firefox 3.5.x <= 3.5.17, 3.6.x <= 3.6.16
No auth needed
Prerequisites: Victim uses vulnerable Firefox version · Java enabled (for ASLR bypass) or Windows XP (no ASLR)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Abysssec · remote · windows
https://www.exploit-db.com/exploits/17419

This exploit targets a use-after-free vulnerability in Mozilla Firefox <= 3.6.16 via the nsTreeSelection element. It leverages a Java ROP chain to bypass DEP/ASLR on Windows 7, achieving remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Mozilla Firefox <= 3.6.16
No auth needed
Prerequisites: Target running Firefox <= 3.6.16 on Windows 7 · Java installed for ROP chain
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by regenrecht, xero · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_nstreerange.rb

This Metasploit module exploits a dangling pointer vulnerability in Mozilla Firefox's nsTreeRange object, allowing remote code execution by manipulating heap memory and bypassing DEP without ROP. It targets Firefox 3.5.x to 3.6.16 on Windows, leveraging Java or ASLR bypass techniques.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Mozilla Firefox 3.5.x to 3.6.16
No auth needed
Prerequisites: Victim must visit a malicious webpage · Java enabled or Windows XP (non-ASLR) for reliable exploitation
devstral-2 · analyzed Feb 19, 2026

References (10)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2228
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14020
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=630919
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2235
Various Sources x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100134543
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2227
Various Sources x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100144158
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8310

Scores

EPSS 0.6998
EPSS Percentile 99.3%

Details

CWE: CWE-20
Status: published
Products (47)
mozilla/firefox 3.6
mozilla/firefox 3.6.2
mozilla/firefox 3.6.3
mozilla/firefox 3.6.4
mozilla/firefox 3.6.6
mozilla/firefox 3.6.7
mozilla/firefox 3.6.8
mozilla/firefox 3.6.9
mozilla/firefox 3.6.10
mozilla/firefox 3.6.11
... and 37 more
Published May 07, 2011
Tracked Since Feb 18, 2026