4 matches found
Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - constructJSReadableStreamDefaultReader Type Confusion
Exploit for multiple platforms in category web applications. exec.argument(0); if (!stream) return throwArgumentTypeError(exec, scope, 0, "stream", "ReadableStreamReader", nullptr, "ReadableStream"); JSValue jsFunction = stream->get(&exec, Identifier::fromString(&exec, "getReader")); let rs = new...
Apple WebKit 10.0.2(12602.3.12.0.1) - Frame::setDocument (1) Universal Cross-Site Scripting Exploit
Exploit for multiple platforms in category dos / poc. && newDocument) { ASSERT(!newDocument || newDocument->frame() == this); if (m_doc && m_doc->pageCacheState() != Document::InPageCache) m_doc->prepareForDestruction(); m_doc = newDocument.copyRef(); ... The function |prepareForDestruction| is only called when the cache...
Apple WebKit 10.0.2 (12602.3.12.0.1, r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion
exec.argument(0); if (!stream) return throwArgumentTypeError(exec, scope, 0, "stream", "ReadableStreamReader", nullptr, "ReadableStream"); JSValue jsFunction = stream->get(&exec, Identifier::fromString(&exec, "getReader")); let rs = new ReadableStream(); let cons = rs.getReader().constructor; rs.getReader =...
Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting
&& newDocument) { ASSERT(!newDocument || newDocument->frame() == this); if (m_doc && m_doc->pageCacheState() != Document::InPageCache) m_doc->prepareForDestruction(); m_doc = newDocument.copyRef(); ... Before setting |m_doc| to |newDocument|, it calls |prepareForDestruction| that fires unload event handlers. If we call...