An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
2 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository contains a working exploit for CVE-2024-29943, a SpiderMonkey JIT (Just-In-Time) bug in Mozilla Firefox 124.0 that allows for remote code execution (RCE) on Windows 11. The exploit leverages integer range inconsistencies and bound check elimination in the JIT compiler to achieve out-of-bounds (OOB) read/write primitives. Two main exploit scripts are provided: - Exploit_64.js: Uses BigUint64Array for OOB memory manipulation, requiring significant RAM (~20GB). - Exploit_8.js: Uses Uint8Array for OOB writes, reducing RAM requirements (~10GB). Both scripts perform heap spraying and manipulate JavaScript arrays to corrupt memory, ultimately hijacking the JIT-compiled code to execute attacker-controlled shellcode. The shellcode is encoded as floating-point numbers and, when triggered, launches calc.exe as a demonstration of code execution. The exploit is tailored for Windows and requires the target to run the vulnerable Firefox version with specific mitigations disabled. No network or external endpoints are referenced; the attack is fully browser-based and local to the JavaScript engine. The README provides context, usage instructions, and credits to the original researcher.
This repository contains a working exploit for CVE-2024-29943, a SpiderMonkey JIT bug that can be leveraged for remote code execution. The main exploit logic is in 'Exploit.js', which demonstrates a full exploit chain: it manipulates JavaScript array bounds and JIT optimizations to achieve arbitrary memory read/write, then hijacks a JIT-compiled function pointer to execute attacker-controlled shellcode. The exploit is highly technical and operational, requiring a vulnerable build of SpiderMonkey (as referenced by a specific commit) and specific runtime flags to disable mitigations. 'PoC.js' and 'Inconsistency.js' provide proof-of-concept and minimal triggers for the underlying bug, while 'JitSpew.patch' is a debugging patch for SpiderMonkey's JIT internals. The README documents the vulnerability, reproduction steps, and references. No network or external endpoints are present; the exploit is local and targets the JavaScript engine directly. The exploit demonstrates advanced exploitation techniques, including heap spraying, type confusion, and JIT function pointer manipulation, culminating in arbitrary code execution.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.