CVE-2015-4495 PoC — 多款Mozilla产品PDF阅读器安全漏洞

Source

https://github.com/vincd/CVE-2015-4495

Associated Vulnerability

Title:多款Mozilla产品PDF阅读器安全漏洞 (CVE-2015-4495)
Description:Mozilla Firefox、Firefox ESR和Firefox OS都是由美国Mozilla基金会开发。Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本；Firefox OS是一套基于Linux内核并应用于智能手机和平板电脑中的移动操作系统。多款Mozilla产品中的PDF阅读器存在安全漏洞。远程攻击者可借助特制的JavaScript代码和本机调节器利用该漏洞绕过同源策略，读取任意文件或获取权限。以下产品及版本受到影响：Mozilla Firefox

Description

Exploit for CVE-2015-4495 / mfsa2015-78

Readme

# CVE-2015-4495
Exploit for CVE-2015-4495 / mfsa2015-78

## How to use
Add your logic in the `parse_directory_listing` function.

## Usage
```bash
$ git clone https://github.com/vincd/CVE-2015-4495.git
$ cd CVE-2015-4495
$ python -m SimpleHTTPServer
```

Then open an unpatch Firefox (version < 39.0.3). A popup should spawn with the content of `/`.

# Credits
http://paste.ubuntu.com/12030863/

File Snapshot


 [4.0K]  /data/pocs/7781a9073b491361a12814a989dffae590fe3f0d
├── [ 209]  index.html
├── [6.3K]  main.js
└── [ 395]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!