CVE-2008-2317 Information

Feb 14, 2021 cve

Description

WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0 a different vulnerability than CVE-2008-1590.

Reference

http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/archive/1/494777/100/0/threaded http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references http://www.zerodayinitiative.com/advisories/ZDI-08-045/ https://exchange.xforce.ibmcloud.com/vulnerabilities/43737

Share on: