Share
## https://sploitus.com/exploit?id=D3C54F51-33F6-5430-A623-292AF0B3AB30
# CVE-2024-29943

A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE.

Reproducing CVE-2024-29943 for Windows, based on [https://github.com/bjrjk/CVE-2024-29943](https://github.com/bjrjk/CVE-2024-29943)

## Modifications

The original exploit is written for Linux, so I attempted to reproduce it on Windows.

- [Exploit_8.js](./Exploit_8.js) - Modified version using Uint8Array to reduce RAM consumption (~ 10GB)
- [Exploit_64.js](./Exploit_64.js) - Original BigUint64Array method (~ 20GB)

## Demo

[Demo.mp4](Demo.mp4)

## Reproduce Information

- Version: [FIREFOX_124_0_RELEASE](https://github.com/mozilla-firefox/firefox/tree/FIREFOX_124_0_RELEASE)
- Operating System: Windows 11 Pro (Build 26100)
- Architecture: amd64
- Command Line Arguments: `./js.exe --spectre-mitigations=off Exploit_8.js`

## Credits

Original research and exploit by [bjrjk](https://github.com/bjrjk/CVE-2024-29943)

## Disclaimer

This repository is intended solely for educational purposes and must not be used for any malicious activities.