5 matches found
Apple WebKit disconnectSubframes UXSS
Apple WebKit: UXSS via disconnectSubframes CVE-2017-2445 When an element is removed from a document, the function |disconnectSubframes| is called to detach its subframesiframe tag, object tag, etc.. Here is a snippet of |disconnectSubframes|. void disconnectSubframesContainerNode& root,...
Apple WebKit: UXSS via disconnectSubframes (CVE-2017-2445)
When an element is removed from a document, the function |disconnectSubframes| is called to detach its subframesiframe tag, object tag, etc.. Here is a snippet of |disconnectSubframes|. void disconnectSubframesContainerNode& root, SubframeDisconnectPolicy policy ... Vector frameOwners; if policy ...
CVE-2017-2445
creationtimestamp| type| source ---|---|--- 2017-04-04 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41802...
CVE-2017-2445
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via crafted frame objects...
CVE-2017-2445
CVE-2017-2445 is a UXSS/ cross-site scripting issue in WebKit used by Safari on iOS (and Safari/tvOS WebKit variants). The root cause is a validation/memory handling weakness in frame objects that can be triggered by crafted web content, enabling remote UXSS attacks. Affected platforms include iO...