Real exploit involved ROP chains to escalate JIT bugs.

broke: looking for old firefox JIT bug CVEs

woke: os.system('cat /flag.txt')

os.system() was in the scope lol, so just input os.system('cat /flag.txt') in Bob's jsshell to get flag.

utflag{d1d_y0u_us3_a_j1t_bug_0r_nah}