CVE-2009-1690 (retired)

Priority
Description
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0,
iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1,
Google Chrome 1.0.154.53, and possibly other products, allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) by setting an unspecified property of an
HTML tag that causes child elements to be freed and later accessed when an
HTML error occurs, related to "recursion in certain DOM event handlers."
Notes
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> PoC: http://trac.webkit.org/browser/trunk/LayoutTests/fast/parser/head-content-after-head-removal.html?format=txt
 mdeslaur> (need to add the <html> tags)
Assigned-to
micahg
Package
Upstream:needs-triage
Patches:
Upstream:http://websvn.kde.org/?view=rev&revision=983316
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Patches:
Upstream:http://trac.webkit.org/changeset/42532
More Information

Updated: 2019-03-26 11:47:58 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)