Proxy Browser with JavaScript

CVE-2014-8636 Firefox Proxy Prototype Privileged Javascript
Top 100 Free Online Proxies

This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.


  • joev
  • Universal (Javascript XPCOM Shell)
  • Native Payload
  • firefox
  • java
  • linux
  • osx
  • solaris
  • windows
  • x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/firefox_proxy_prototype msf exploit(firefox_proxy_prototype) > show targets msf exploit(firefox_proxy_prototype) > exploit


Related posts:

  1. Proxy Browser with Flash
  2. Proxy server with Port
  3. Proxy Browser Software
  4. Proxy server with Java
  5. Proxy server with JavaScript