zief / blazefox

Blazefox exploits for Windows 10 RS5 64 bits.


This is the repository associated with the article Exploiting Spidermonkey.

Overview

Blazefox is an exploitation challenge written by itszn for Blaze CTF 2018. The author added a blaze method to JavaScript Arrays that sets the size of the backing buffer to 420, regardless of the array's actual length. This gives the attacker an out-of-bounds memory access primitive.

ifrit.js

Organization

  • Three exploits are documented and available in exploits,
  • A WinDbg JavaScript extension that dumps js::Value and JSObject objects, in sm,
  • Various scripts built during the research in scripts,
  • An x64 debug build of the JavaScript shell (along with private symbol information) in js-asserts, and an x64 release build in js-release,
  • The sources matching js-release private symbol information in src/js,
  • Last but not least, 7z archives of the Firefox binaries (along with xul.dll private symbol information) that I compiled for Windows 64 bits, in ff-bin.7z.001 and ff-bin.7z.002.


License: MIT License
