Tags: web 

Rating:

Real exploit involved ROP chains to escalate JIT bugs.

*broke:* looking for old firefox JIT bug CVEs

*woke:* `os.system('cat /flag.txt')`

`os.system()` was in the scope lol, so just input `os.system('cat /flag.txt')` in Bob's jsshell to get flag.

`utflag{d1d_y0u_us3_a_j1t_bug_0r_nah}`