SecuriTeam Blogs » Firefox 3.5 heap spray vuln

Firefox 3.5 heap spray vuln

July 14th, 2009 by Aviram, Filed under: Full Disclosure, Web

It’s nice to have milw0rm around: http://www.milw0rm.com/exploits/9137.

Be careful out there, firefox 3.5 users.

http://www.xyberpix.com xyberpix

This one has now been added to the Metasploit trunk as well.

modules/exploits/multi/browser/firefox_escape_retval.rb
zombiez

I used Ollydbg to attache the process but failed to trigger the exploit .Everytime I did such work ,I can only see the collapse of Firefox.The only way could I trigger the shellcode is in such kind of method.First , open a firefox.Second, open Ollydbg and open an excutable firefox process,run it.Third it will present a new windows and the ollydbg stops at address 7c92e54 .Forth, open the Html ,trigger the shellcode but the Ollydbg can show nothing…….Windbg the same……I wonder if you can tell how to deal with it.