EIP-2026-117635

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117635. PoCs published by BestEffort Team.

AI-analyzed exploit summary The exploit describes a content-type confusion vulnerability in Mozilla Firefox <= 88.0.1, where a server can mislead Firefox into executing arbitrary code by serving a file with a mismatched Content-Type and file extension. The provided Python script simulates a malicious server that serves a fake JPEG file containing JavaScript code, which executes when opened by the user.

Description

Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code

Exploits (1)

exploitdb WRITEUP VERIFIED

by BestEffort Team · pythonlocalwindows

https://www.exploit-db.com/exploits/49892

View Code ZIP pw:eip

The exploit describes a content-type confusion vulnerability in Mozilla Firefox <= 88.0.1, where a server can mislead Firefox into executing arbitrary code by serving a file with a mismatched Content-Type and file extension. The provided Python script simulates a malicious server that serves a fake JPEG file containing JavaScript code, which executes when opened by the user.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mozilla Firefox <= 88.0.1

No auth needed

Prerequisites: User interaction required to open the downloaded file · Victim must be using Mozilla Firefox <= 88.0.1

MITRE ATT&CK

T1204 - User Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code

Exploitation Summary

Description

Exploits (1)

Details