Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey


Last year, @swapgs and I found a fun bug in the popular enterprise VPN solution Zscaler. The VPN client used the pacparser library to decide which HTTP requests to proxy, based on a PAC file.

We noticed that pacparser was using a 17-year-old version of SpiderMonkey (Firefox’s JS engine), but we didn’t have the chance to develop a full exploit at the time. When preparing Hack.lu CTF 2024, I noticed we were low on pwn challenges, so I decided to dust off my pwning skills (I’m usually a web player) and give this bug a try! The object itself lives on the heap, so we can leak its address and write to its location to control what the first argument passed to the ops functions points to.
