WebKit JSC JSObject::ensureLength does not check if ensureLengthSlow fails.
>> ARCHIVE: 2017-06
WebKit JSC JSObject::ensureLength does not check if ensureLengthSlow fails.
WebKit JSC suffers from an incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope.
WebKit CachedFrame does not detach openers allowing for a universal cross site scripting vulnerability.
WebKit suffers from a use-after-free vulnerability in Element::setAttributeNodeNS.
WebKit suffers from a universal cross site scripting vulnerability in CachedFrameBase::restore.