update documentation with note about Firefox 82.0.1

2022-02-26 12:35:38 +00:00 · 2022-02-26 12:35:38 +00:00 · 579811418f
parent 4e5cd8693d
commit 579811418f
2 changed files with 8 additions and 6 deletions
--- a/documentation/modules/exploit/multi/browser/firefox_jit_use_after_free.md
+++ b/documentation/modules/exploit/multi/browser/firefox_jit_use_after_free.md
@ -6,15 +6,16 @@ in an exploitable use-after-free condition.

 This exploit uses a somewhat novel technique of spraying ArgumentsData
 structures in order to construct primitives. The shellcode is forced into
-executable memory via the JIT compiler, and executed by writing to the
-JIT region pointer.
+executable memory via the JIT compiler, and executed by writing to the JIT
+region pointer.

 This exploit does not contain a sandbox escape, so firefox must be run
 with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set, in order
 for the shellcode to run successfully.

 This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and
-Thunderbird < 78.4.2.
+Thunderbird < 78.4.2, however only Firefox < 82 is supported as a target.
+Additional work may be needed to support other versions such as Firefox 82.0.1.

 **Vulnerable Application Installation Steps**

--- a/modules/exploits/multi/browser/firefox_jit_use_after_free.rb
+++ b/modules/exploits/multi/browser/firefox_jit_use_after_free.rb
@ -20,15 +20,16 @@ class MetasploitModule < Msf::Exploit::Remote

          This exploit uses a somewhat novel technique of spraying ArgumentsData
          structures in order to construct primitives. The shellcode is forced into
-          executable memory via the JIT compiler, and executed by writing to the
-          JIT region pointer.
+          executable memory via the JIT compiler, and executed by writing to the JIT
+          region pointer.

          This exploit does not contain a sandbox escape, so firefox must be run
          with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set, in order
          for the shellcode to run successfully.

          This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and
-          Thunderbird < 78.4.2.
+          Thunderbird < 78.4.2, however only Firefox <= 79 is supported as a target.
+          Additional work may be needed to support other versions such as Firefox 82.0.1.
        },
        'License' => MSF_LICENSE,
        'Author' => [