CVE-2016-9079 PoC — Mozilla Firefox, Firefox ESR and Thunderbird Remote Code Execution Vulnerability

Associated Vulnerability
Title: Mozilla Firefox, Firefox ESR and Thunderbird Remote Code Execution Vulnerability (CVE-2016-9079)
Description: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Readme
# Firefox RCE CVE-2016-9079 nsSMILTimeContainer

This is a manual exploit of https://www.exploit-db.com/exploits/41151. Another one exists for Windows 10 (https://github.com/soham23/firefox-rce-nssmil), but it didn't work on Windows 8.1, so I made mine.

You have to modify line 241 with your own shellcode. There is an example above this line.

Download the repository and start a server.
Using the Python server works fine.
```sh
python3 -m http.server 8080
```

On your victim, browse to http://<attacker_ip>:8080/ and it should work.

Tested on Windows 8.1 Enterprise x64 using Firefox 38.
File Snapshot

```
[4.0K]  /data/pocs/fe0f0c388240781b0977ddaef4f1c7501dd3bb98
├── [4.2K]  index.html
├── [ 589]  README.md
└── [ 13K]  worker.js

0 directories, 3 files
```