WebKit JSC JSObject::ensureLength Failure Check
Posted by deepcore under exploit (No Respond)
WebKit JSC JSObject::ensureLength does not check if ensureLengthSlow fails.
Archive for June, 2017
WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check
Posted by deepcore under exploit (No Respond)
WebKit JSC suffers from an incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope.
WebKit CachedFrame Universal Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WebKit CachedFrame does not detach openers allowing for a universal cross site scripting vulnerability.
WebKit Element::setAttributeNodeNS Use-After-Free
Posted by deepcore under exploit (No Respond)
WebKit suffers from a use-after-free vulnerability in Element::setAttributeNodeNS.
WebKit CachedFrameBase::restore Universal Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WebKit suffers from a universal cross site scripting vulnerability in CachedFrameBase::restore.