Mozilla Firefox Array.reduceRight() Integer Overflow
Rocco Calvi
- Affected Vendor
- Mozilla
- Affected Product
- Firefox 3.6
- Exploit Type
- Metasploit Module
- Metasploit Module
exploit/windows/browser/mozilla_reduceright
Description
This module exploits a vulnerability in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution.