mistymntncop.bsky.social
@mistymntncop.bsky.social
Exploit and mini writeup for CVE-2025-5419.
github.com/mistymntncop...
August 25, 2025 at 8:06 AM
My writeup for CVE-2024-7971. Just a POC. Let me know if u have any questions.
github.com/mistymntncop...
April 12, 2025 at 11:51 PM
CVE Cold Case. Isn't it crazy that even after a year we basically know nothing about the V8 ITW CVE-2024-0519. How is the property fast deletion path useful? Some minor notes about it here:
gist.github.com/mistymntncop...
CVE-2024-0519 notes
January 14, 2025 at 6:48 AM
AsyncFreeSnowWhite - a Disney story.
December 5, 2024 at 6:34 AM
In Spidermonkey is there a way of immediately creating an object on the Tenured heap without having to send it there via gc?
December 2, 2024 at 11:23 PM
Before its public release my attempt at reversing CVE-2023-2033 was a failure. I got close in that I identified there was some difference in behavior between AccessorInfo and AccessorPair but I got lost. I didn't realize that you had to exploit re-entrancy
December 1, 2024 at 1:26 AM
CVE-2024-0519 is the vuln that got away. The swiftness of the patch has resisted attempts at reversing it so far. We know you can create an object where unused property fields = 0 but in reality it is bigger. This is known in the comments. However doesn't seem useful. What is the initial primitive?
November 30, 2024 at 7:22 AM
Reposted by mistymntncop.bsky.social
Spent some time researching #CVE-2024-11477, the new #7zip CVE and made a writeup about my work on it. Let me know what you think! github.com/TheN00bBuild...
GitHub - TheN00bBuilder/cve-2024-11477-writeup: CVE-2024-11477 7Zip Code Execution Writeup and Analysis
November 29, 2024 at 6:33 AM
On 01 Jul 2024 the "mOwnerWindow" field from GlobalTeardownObserver was removed. mozilla::dom::Animation inherits from GlobalTeardownObserver. This is important as it will affect the size of Animation and the offset of the write.
hg.mozilla.org/mozilla-cent...
mozilla-central @ df7327d207f1681a7ba33a6778ad218f882322c2
Bug 1904442 - Remove GlobalTearDownObserver::mOwnerWindow. r=smaug
November 29, 2024 at 5:56 AM
Re: The ITW CVE-2024-9680 exploit. I don't understand the purpose of the XSLT stuff. Doesn't really seem necessary? Or were they using it as an alloc primitive?
November 28, 2024 at 12:17 AM
Re: CVE-2024-9680 - the use of setTimeout to call "getInfo" is an odd choice. Wouldn't just using the promise resolution itself be better?
November 27, 2024 at 11:56 PM
As we suspected the ITW exploit for CVE-2024-9680 was definitely inspired by CVE-2022-0609. Just look at the variable names and other choices - such as creating an Animation object via the "animate" function instead of the constructor, and the check for "if (this.toString() == "[object Animation]")" too.
November 27, 2024 at 12:02 AM
Dimitri Fourny's writeup on the latest Firefox ITW vuln CVE-2024-9680. A good old fashioned "I can free this thing in a callback UAF" - not as common in these modern type confusion dayze.
dimitrifourny.github.io/2024/11/14/f...
Firefox Animation CVE-2024-9680 – Dimitri Fourny
November 19, 2024 at 11:22 AM