9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.029 Low
EPSS
Percentile
90.8%
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit
in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for
iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) by destroying a
document.body element that has an unspecified XML container with elements
that support the dir attribute.
Author | Note |
---|---|
jdstrand | webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
mdeslaur | code does not seem present in kde4libs webkit code is different in hardy, need to check reproducer as of 2009-09-18, not fixed in upstream qt:4.5 tree |