Firefox current security features on Windows XP

Discussion in 'other software & services' started by Gullible Jones, Sep 20, 2015.

  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Something interesting I noticed while fooling around with Metasploit - Firefox 35, on Windows XP SP2, seems to have some kind of limited sandboxing feature. When in a meterpreter session inside the browser process, I cannot spawn other processes, migrate to processes in the same user account, or achieve any kind of filesystem persistence; even when running as admin.

    In this case, the initial meterpreter session was achieved using a fake extension. So I'm guessing this might involve the recent changes to extensions, but I'm not ruling out that the devs might have (finally) introduced some kind of privilege dropping.

    Can anyone reproduce this?

    Edit: I can at least confirm this is not a failure on part of Metasploit, since persistence etc. work fine against IE based sessions.

    Edit 2: sadly there does not seem to be any of this on Linux.
     
    Last edited: Sep 20, 2015
Loading...