This module runs a web server waiting for vulnerable clients (Firefox v1.04 or earlier) to connect to it. When the client connects, it will try to install an agent by triggering the InstallVersion.compareTo() vulnerability. When InstallVersion.compareTo() is passed an object rather than a string it assumed the object was another InstallVersion without verifying it. This condition can be leveraged to take control of the instruction pointer.
CVE Link
Exploit Platform
Exploit Type
Product Name