Exploiting browsers for fun and profit
Web browsers are used primarily for surfing the Web. However, an outdated web browser can lead to the compromise of the entire system. Clients may never use the preinstalled web browser and choose the one based on their preference. However, the default preinstalled web browser can still lead to various attacks on the system. Exploiting a browser by finding vulnerabilities in the browser components is known as browser-based exploitation.
Note
For more information on Firefox vulnerabilities, refer to http://www.cvedetails.com/product/3264/Mozilla-Firefox.html?vendor_id=452. Refer to Internet Explorer vulnerabilities at http://www.cvedetails.com/product/9900/Microsoft-Internet-Explorer.html?vendor_id=26.
The browser autopwn attack
Metasploit offers browser autopwn, an automated attack module that tests various browsers in order to find vulnerabilities and exploit them. To understand the inner workings of this module, let's discuss the technology behind the...