CVE-2024-8381: A SpiderMonkey Interpreter Type Confusion Bug.# CVE-2024-8381
A SpiderMonkey Interpreter Type Confusion Bug.
This repository contains analyses in markdown and slide forms, including root cause, PoC, and exploit.
Unfortunately, due to nature of this bug, **exploit is only applicable when ASLR is disabled**.
Slides: [Slides.pdf](Slides.pdf)
Analysis: [Analysis.md](Analysis.md)
## Demo
## Reproduce Information
- OS: Ubuntu 24.04
- GLIBC: Ubuntu GLIBC 2.39-0ubuntu8.3
- Clang: `version 18.1.7 (taskcluster-EnF59hKVRyOsVdbwyVaiug)`, Installed by `./mach bootstrap`
- Git Commit: [198d5fc1bebaaf114197a529ebdd4b9601045719](https://github.com/mozilla/gecko-dev/commit/198d5fc1bebaaf114197a529ebdd4b9601045719)
- PoC Execute Command: `obj-debug-x86_64-pc-linux-gnu/dist/bin/js PoC.js`
- Exploit Execute Command: `setarch x86_64 -R obj-opt-x86_64-pc-linux-gnu/dist/bin/js Exp.js`
- MOZConfig: Check `mozconfigs/`
## Acknowledgement
- Shoutout to [Nils Bars](https://x.com/__nils_) [@nbars](https://github.com/nbars) for finding the bug.
## References
1. https://www.cve.org/CVERecord?id=CVE-2024-8381
2. https://github.com/mozilla/gecko-dev/commit/fab7e5c28e628ddc2b873a723838562c9b41205e
3. https://github.com/mozilla/gecko-dev/commit/0ca509a3a7fbf4ff5d34cf25083a4427f3205549
4. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/with
5. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Symbol/unscopables
[4.0K] /data/pocs/2b4997d6080757d6936fad7f20e193f4e9c49f84
├── [ 25K] Analysis.md
├── [1.9K] Exp.js
├── [4.0K] images
│ ├── [260K] Exploit-Type-Confusion.png
│ └── [132K] PoC-Type-Confusion.png
├── [4.0K] mozconfigs
│ ├── [ 529] debug
│ └── [ 411] opt
├── [ 227] PoC.js
├── [1.5K] README.md
├── [334K] Slides.pdf
└── [4.0K] Videos
├── [2.1M] CVE-2024-8381.mp4
├── [2.1M] CVE-2024-8381-Tailored.gif
└── [813K] CVE-2024-8381-Tailored.mp4
3 directories, 12 files