CVE-2016-9079 PoC — Mozilla Firefox、Firefox ESR和Thunderbird 远程代码执行漏洞

Source

https://github.com/Tau-hub/Firefox-CVE-2016-9079

Associated Vulnerability

Title:Mozilla Firefox、Firefox ESR和Thunderbird 远程代码执行漏洞 (CVE-2016-9079)
Description:Mozilla Firefox、Firefox ESR和Thunderbird都是由美国Mozilla基金会开发的产品。Firefox是一款开源Web浏览器，Firefox ESR是Firefox的一个延长支持版本。Thunderbird是从Mozilla Application Suite中独立出来的一套电子邮件客户端软件。 Mozilla Firefox 50.0.2之前的版本、Firefox ESR 45.5.1之前的版本和Thunderbird 45.5.1之前的版本中存在远程代码执行漏洞。攻击者

Readme

# Firefox RCE CVE-2016-9079 nsSMILTimeContainer

This a manual exploit of https://www.exploit-db.com/exploits/41151, another one exists for Windows 10 (https://github.com/soham23/firefox-rce-nssmil) but it didn't work on windows 8.1 so I made mine.

You have to modify the line 241 with your own shellcode. There is an example above this line.

Download the repository, and start a server.
Using python server works fine.
```py
python3 -m http.server 8080
```

On your victime browse to http://<attacker_ip>:8080/ and it should work.

Tested on Windows 8.1 Entreprise x64 using firefox 38.

File Snapshot


 [4.0K]  /data/pocs/fe0f0c388240781b0977ddaef4f1c7501dd3bb98
├── [4.2K]  index.html
├── [ 589]  README.md
└── [ 13K]  worker.js

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!