Skip to content
/ CVE-2019-17026-Exploit Public

An exploit for CVE-2019-17026. It pops xcalc and was tested on Ubuntu (x64).

48 stars 16 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maxpl0it/CVE-2019-17026-Exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
calc.html
calc.html
 
 

Repository files navigation

CVE-2019-17026 - A Firefox JIT bug

  • Original bug caught in the wild by Qihoo 360.
  • Exploit written by maxpl0it.
  • Works on Firefox < 72.0.1

This is an exploit for CVE-2190-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement

This exploit does not use a sandbox escape, so for testing the security.sandbox.content.level attribute in about:config needs to be set to 0. It should be possible to chain this with CVE-2020-0674 via PAC to get a sandbox escape on Windows.

The writeup for this vulnerability and the steps taken to exploit it can be found here.

About

An exploit for CVE-2019-17026. It pops xcalc and was tested on Ubuntu (x64).

Resources

Readme
Activity

Stars

48 stars

Watchers

3 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages