Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

First, it should be noted that this is on the Firefox Attack & Defense blog, which looks like an amazing resource for the future.

CVE-2017-7766 & CVE-2017-7760 combined could both be used on the Firefox updater for an arbitrary file execution via updating the updater.ini file and an arbitrary file write with partial controllable data. This is important for later on.

Although the update.exe is digitally signed by Mozilla the specific version is not checked. So, an OLD updater can be inserted to the file path (for updating) and be used. This works as the classic rollback attack.

By combining the CVE's from 2017 and this rollback attack, it is possible to exploit the CVE's from 2017 AGAIN.

It should be noted that this attack only works if the user has installed this in a writable location (non-standard). Even though this is not the default, the replay attack is an interesting use-case that SHOULD be considered.

To patch this vulnerability, the team fixed the 2017 CVE's with more strict patches. I find this super interesting because a rollback attack may be possible again in the future.