CVE-2012-3993
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
Title source: metasploit
Exploitation Summary
EIP tracks 2 public exploits for CVE-2012-3993.
PoCs published by Metasploit, Mariusz Mlynski, moz_bug_r_a4, joev, including Metasploit module exploits/multi/browser/firefox_proto_crmfrequest.
AI-analyzed exploit summary
This Metasploit module exploits CVE-2013-1710 in Firefox 5.0-15.0.1 by manipulating the __exposedProps__ property to gain chrome-privileged context and install a malicious addon via the AddonManager API.
Description
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
Exploits (2)
This Metasploit module exploits CVE-2013-1710 in Firefox 5.0-15.0.1 by manipulating the __exposedProps__ property to gain chrome-privileged context and install a malicious addon via the AddonManager API.
This Metasploit module exploits CVE-2012-3993 in Firefox 5.0-15.0.1 by manipulating __exposedProps__ to gain chrome-privileged context and install a malicious addon via the AddonManager API. It combines CVE-2012-3993 and CVE-2013-1710 to achieve remote code execution.