Blazefox exploits for Windows 10 RS5 64-bit.
| Name | Latest commit message | Commit time |
| --- | --- | --- |
| exploits | Oops, thx chevalier masque! | May 25, 2019 |
| scripts | Fix typo. | Jan 12, 2019 |
| sm | typo. | Dec 24, 2018 |
| src | Add the public directory as a bunch of important declarations are in | Dec 27, 2018 |
| LICENSE | Initial commit | Dec 23, 2018 |
| README.md | Update the links so that they point to the release section. | Dec 9, 2019 |
| blaze.patch | Import the blazefox files. | Dec 23, 2018 |

Blazefox exploits for Windows 10 RS5 64-bit

This is the repository associated with the article Introduction to SpiderMonkey exploitation.

Overview

Blazefox is an exploitation challenge written by itszn for Blaze CTF 2018. The author added a `blaze` method to JavaScript Arrays that sets the size of the backing buffer to 420. This gives the attacker an out-of-bounds memory primitive.

Figure: ifrit.js

Organization

  • Three exploits are documented and available in `exploits`,
  • A WinDbg JavaScript extension that allows you to dump `js::Value` and `JSObject` objects, in `sm`,
  • Various scripts built during the research, in `scripts`,
  • An x64 debug build of the JavaScript shell (along with private symbol information) in `js-asserts`, and an x64 release build in `js-release`,
  • The sources matching the `js-release` private symbol information, in `src/js`,
  • Last but not least, 7z archives of the Firefox binaries (along with `xul.dll` private symbol information) I compiled for Windows 64-bit, in `ff-bin.7z`.