CVE-2009-1690

Priority
Description
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0,
iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1,
Google Chrome 1.0.154.53, and possibly other products, allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) by setting an unspecified property of an
HTML tag that causes child elements to be freed and later accessed when an
HTML error occurs, related to "recursion in certain DOM event handlers."
Assigned-to
micahg
Notes
jdstrand: webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur: PoC: http://trac.webkit.org/browser/trunk/LayoutTests/fast/parser/head-content-after-head-removal.html?format=txt
(need to add the <html> tags)
Package
Upstream: needs-triage
Patches:
Upstream: http://websvn.kde.org/?view=rev&revision=983316
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Upstream: http://trac.webkit.org/changeset/42532
More Information

Updated: 2019-12-05 20:53:13 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)