Commercial Grade Exploit Released for CVE-2011-0073 in Mozilla Firefox

White Phosphorus Exploit Pack version 1.12 for Immunity CANVAS now includes an exploit for CVE-2011-0073 in Mozilla Firefox versions 3.6.0 through to 3.6.16.

According to the vendor for White Phosphorus:

This module bypasses DEP and ALSR on anything from Windows XP through to Windows 7 to reliably provide a Mosdef node back to you.

(MOSDEF is Immunity CANVAS’ proprietary shell, like Meterpreter for Metasploit).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0073
http://blog.sharpesecurity.com/2011/04/29/mozilla-firefox-4-0-1-3-6-11-and-3-5-19-released/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Share

Leave a Reply