CVE-2019-9791 PoC — Mozilla Firefox和Firefox ESR 输入验证错误漏洞

Source

https://github.com/Sp0pielar/CVE-2019-9791

Associated Vulnerability

Title:Mozilla Firefox和Firefox ESR 输入验证错误漏洞 (CVE-2019-9791)
Description:Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。 Mozilla Firefox 66之前版本和Firefox ESR 60.6之前版本中存在输入验证错误漏洞。远程攻击者可利用该漏洞任意读取和写入对象。

Description

Exploit chain for CVE-2019-9791 & CVE-2019-11708 against firefox 65.0 on windows 64bit

Readme

# Exploit chain for CVE-2019-9791 & CVE-2019-11708 against Firefox 65.0 

Works against Firefox 65.0 on windows 64bit.  CVE-2019-11708 part is taken from exploit by 0vercl0k:

https://github.com/0vercl0k/CVE-2019-11708

The exploit uses CVE-2019-9791 to obtain read/write primitive in content process then CVE-2019-11708 to make the main process load arbitrary url. In parent process  CVE-2019-9791 is used again to obtain arbitrary code execution.



![](demo.gif)

File Snapshot


 [4.0K]  /data/pocs/0f07e28d62092d3043d05af0e5381e29b99e2f5b
├── [3.1M]  demo.gif
├── [6.8K]  index.html
├── [2.1K]  original_poc.js
├── [ 475]  README.md
└── [ 16K]  stage2.html

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!