Jump to content
Usr6

Tor Browser ( Firefox 41 < 50 ) - Code Execution 0day

Recommended Posts

Posted

# TOR Browser 0day : JavaScript Exploit !

## Works on Firefox versions 41 - 50

### The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50. When exploit opened by a Firefox or Tor Browser with Javascript enabled on a Windows computer, it leverage a memory corruption vulnerability in the background to make direct calls to kernel32.dll, which allows malicious code to be executed on computers running Windows. <i>Makes redirect to '/member.php' after code execution</i>

- - -

This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I had to break the "thecode" line in two in order to post, remove ' + ' in the middle to restore it. - SIGAINT

 

Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44267.zip

# 0day.today [2018-03-09] #

 

Sursa: https://0day.today/exploit/29975

  • Like 1
  • Upvote 5

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...