CVE-2015-7214 PoC — Mozilla Firefox和Firefox ESR 信息泄露漏洞

Source

https://github.com/llamakko/CVE-2015-7214

Associated Vulnerability

Title:Mozilla Firefox和Firefox ESR 信息泄露漏洞 (CVE-2015-7214)
Description:Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。 Mozilla Firefox 42.0及之前版本和Firefox ESR 38.5之前38.x版本中存在安全漏洞。远程攻击者可借助data:和view-source: URI利用该漏洞绕过同源策略。

Description

[Firefox] SOP bypass PoC for CVE-2015-7214 (MFSA 2015-149)

Readme

# CVE-2015-7214

## What is CVE-2015-7214?

Please see the following link.

[Cross-site reading attack through data and view-source URIs](https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/)

## Contents

* `www/index.html`
    * SOP bypass PoC for Web
* `local/index.html`
    * SOP bypass PoC for local

## Requirements

* Firefox version **42.0** or earlier

The following is the download link of Firefox **42.0** for each platform.

* Windows
    * https://ftp.mozilla.org/pub/firefox/releases/42.0/win32/ja/Firefox%20Setup%2042.0.exe
* Mac
    * https://ftp.mozilla.org/pub/firefox/releases/42.0/mac/ja-JP-mac/Firefox%2042.0.dmg
* Linux
    * https://ftp.mozilla.org/pub/firefox/releases/42.0/linux-i686/ja/firefox-42.0.tar.bz2

File Snapshot


 [4.0K]  /data/pocs/ab58f138a15ffd736b79ea4dc39d4e57bdcd3bd6
├── [4.0K]  local
│   └── [1.6K]  index.html
├── [ 744]  README.md
└── [4.0K]  www
    └── [1.3K]  index.html

2 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!