beef/modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml

#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
    module:
        mozilla_nsiprocess_interface:
            enable: false
            category: ["Exploits", "Local Host"]
            name: "Mozilla nsIProcess XPCOM Interface (Windows)"
            description: "The nsIProcess XPCOM interface represents an executable process. JavaScript code with chrome privileges can use the nsIProcess interface to launch executable files. In this module, nsIProcess is combined with the Windows command prompt cmd.exe<br /><br />Any XSS injection in a chrome privileged zone (e.g. typically in Firefox extensions) allows this module to execute arbitrary commands on the victim machine."
            authors: ["wade", "bcoles", "roberto.suggi@security-assessment.com", "nick.freeman@security-assessment.com"]
            target:
                working:
                    FF:
                        min_ver: 1
                        # It's actually 3.5 but min_ver only supports integers
                        max_ver: 3
                not_working: ["All"]