3 matches found
WebKit WebCore::FrameView::scheduleRelayout Use-After-Free(CVE-2017-2514)
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted we...
WebKit WebCore::FrameView::scheduleRelayout Use-After-Free
WebKit: UAF in WebCore::FrameView::scheduleRelayout CVE-2017-2514 PoC: let f = document.body.appendChilddocument.createElement'iframe'; let g = f.contentDocument.body.appendChilddocument.createElement'iframe'; g.contentWindow.onunload = = g.contentWindow.onunload = null; let h =...
CVE-2017-2514
CVE-2017-2514 affects Apple’s WebKit stack in iOS prior to 10.3.2 and Safari prior to 10.1.1. The issue allows a remote attacker to execute arbitrary code or cause a denial of service through a crafted web site, via memory corruption in WebKit. An exploit exists (Exploit-DB entry 42063) per CIRCL...