The usage of exploits in current threats underlines the critical need for users to keep programs updated at all times. Considering the great amount of time people spend on their computers connected to the Internet, web browsers are prime targets for cybercriminals.
This is a technical analysis of a recently discovered vulnerability in one of the most widely used web browsers: Mozilla Firefox.
This Mozilla Firefox vulnerability was discussed by Chris Rohlf and Yan Ivnitskiy during their presentation, Attacking Clientside JIT Compilers, at the Black Hat conference in Las Vegas earlier this year.
This vulnerability, identified as CVE-2011-2371, lies in the Js3250.dll library and Js3250!array_reduceRight function in Mozilla Firefox, and affects versions earlier than 3.6.18, as well as versions 4.0 through 4.0.1. Two proofs-of-concept for this vulnerability were already disclosed publicly earlier this month by Matteo Memelli and metasploit.
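The affected-version ranges given above are what a defender needs when triaging web-server logs or a client inventory for browsers still exposed to CVE-2011-2371. The following is an added example, not code from the original post or from Mozilla: it parses the Firefox version out of User-Agent strings and flags versions earlier than 3.6.18 or in the 4.0 through 4.0.1 range. The User-Agent log lines are constructed for illustration.

```javascript
// Added example (not from the original post): flag Firefox versions that the
// post lists as affected by CVE-2011-2371 (earlier than 3.6.18, or 4.0 through 4.0.1).
// The log lines below are constructed sample data, not real traffic.

// Extract the Firefox version from a User-Agent string as an array of integers,
// or null when the string carries no Firefox token.
function parseFirefoxVersion(userAgent) {
  const m = /Firefox\/(\d+(?:\.\d+)*)/.exec(userAgent);
  if (!m) return null;
  return m[1].split('.').map(Number);
}

// Compare two dotted-version arrays; returns -1, 0 or 1.
// Missing trailing components count as 0, so [4, 0] equals [4, 0, 0].
function compareVersions(a, b) {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the version falls inside the affected ranges stated in the post.
function isAffectedByCve20112371(version) {
  if (version === null) return false;
  if (compareVersions(version, [3, 6, 18]) < 0) return true;
  return compareVersions(version, [4, 0]) >= 0 &&
         compareVersions(version, [4, 0, 1]) <= 0;
}

// Return the log lines whose Firefox version is affected.
function findAffectedClients(logLines) {
  return logLines.filter(line => isAffectedByCve20112371(parseFirefoxVersion(line)));
}

// Constructed sample User-Agent strings (not real log data).
const SAMPLE_LOG = [
  'Mozilla/5.0 (Windows NT 6.1; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16',
  'Mozilla/5.0 (Windows NT 6.1; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18',
  'Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1',
  'Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0',
  'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 Chrome/12.0.742.112 Safari/534.30',
];

for (const line of findAffectedClients(SAMPLE_LOG)) {
  console.log('affected: ' + line);
}
```

The comparison is done on numeric components rather than on the raw string so that 3.6.9 sorts before 3.6.18; a plain string comparison would get that wrong and miss affected clients.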
We performed some analysis through reverse engineering and tested with the published proof of concept. Through this, we were successfully able to execute arbitrary remote code on Firefox 3.6.16.
The following is a sample exploit code:
This code sets the array object's length to a large value that the engine then handles as an unsigned integer, and calls the reduceRight function on the new Array.